diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2018-05-12 11:53:39 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2018-05-12 11:53:39 +0000 |
| commit | 6cacf549d3c2d5bddb0dcadd620e1db2897c7f26 (patch) | |
| tree | e187e7d708a063f1628697fe779e2bb101d451b8 | |
| parent | fbdb9ac866a647da0919b224f05cca039afc02fa (diff) | |
| download | src-test2-6cacf549d3c2d5bddb0dcadd620e1db2897c7f26.tar.gz src-test2-6cacf549d3c2d5bddb0dcadd620e1db2897c7f26.zip | |
Vendor import of Unbound 1.6.2.vendor/unbound/1.6.2
Notes
Notes:
svn path=/vendor/unbound/dist/; revision=333532
svn path=/vendor/unbound/1.6.2/; revision=333533; tag=vendor/unbound/1.6.2
331 files changed, 16944 insertions, 4179 deletions
diff --git a/.gitignore b/.gitignore index 7fed8d74d386..baf06faadb6e 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ /config.log /config.status /dnstap/dnstap_config.h +/dnscrypt/dnscrypt_config.h /doc/example.conf /doc/libunbound.3 /doc/unbound-anchor.8 diff --git a/Makefile.in b/Makefile.in index 997282e44b28..588fbc5553dd 100644 --- a/Makefile.in +++ b/Makefile.in @@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c CHECKLOCK_OBJ=@CHECKLOCK_OBJ@ DNSTAP_SRC=@DNSTAP_SRC@ DNSTAP_OBJ=@DNSTAP_OBJ@ +DNSCRYPT_SRC=@DNSCRYPT_SRC@ +DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ WITH_PYUNBOUND=@WITH_PYUNBOUND@ PY_MAJOR_VERSION=@PY_MAJOR_VERSION@ @@ -95,6 +97,9 @@ PYTHONMOD_HEADER=@PYTHONMOD_HEADER@ PYUNBOUND_SRC= # libunbound_wrap.lo if python libunbound wrapper enabled. PYUNBOUND_OBJ=@PYUNBOUND_OBJ@ +SUBNET_SRC=edns-subnet/edns-subnet.c edns-subnet/subnetmod.c edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c +SUBNET_OBJ=@SUBNET_OBJ@ +SUBNET_HEADER=@SUBNET_HEADER@ COMMON_SRC=services/cache/dns.c services/cache/infra.c services/cache/rrset.c \ util/as112.c util/data/dname.c util/data/msgencode.c util/data/msgparse.c \ util/data/msgreply.c util/data/packed_rrset.c iterator/iterator.c \ @@ -104,6 +109,7 @@ iterator/iter_scrub.c iterator/iter_utils.c services/listen_dnsport.c \ services/localzone.c services/mesh.c services/modstack.c services/view.c \ services/outbound_list.c services/outside_network.c util/alloc.c \ util/config_file.c util/configlexer.c util/configparser.c \ +util/shm_side/shm_main.c \ util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \ util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \ util/rtt.c util/storage/dnstree.c util/storage/lookup3.c \ @@ -112,8 +118,11 @@ util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \ validator/autotrust.c validator/val_anchor.c validator/validator.c \ validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \ validator/val_nsec3.c validator/val_nsec.c validator/val_secalgo.c \ -validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c cachedb/cachedb.c $(CHECKLOCK_SRC) \ -$(DNSTAP_SRC) +validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ +edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ +edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ +cachedb/cachedb.c respip/respip.c $(CHECKLOCK_SRC) \ +$(DNSTAP_SRC) $(DNSCRYPT_SRC) COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ @@ -124,7 +133,8 @@ random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \ slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo \ -$(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) +$(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) +COMMON_OBJ_WITHOUT_NETCALL+=respip.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo @@ -148,15 +158,16 @@ str2wire.lo UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \ testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \ testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \ -testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c +testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \ +testcode/unitecs.c UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \ unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \ -readhex.lo testpkts.lo unitldns.lo +readhex.lo testpkts.lo unitldns.lo unitecs.lo UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \ $(COMPAT_OBJ) DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \ daemon/remote.c daemon/stats.c daemon/unbound.c daemon/worker.c @WIN_DAEMON_SRC@ -DAEMON_OBJ=acl_list.lo cachedump.lo daemon.lo remote.lo stats.lo unbound.lo \ +DAEMON_OBJ=acl_list.lo cachedump.lo daemon.lo shm_main.lo remote.lo stats.lo unbound.lo \ worker.lo @WIN_DAEMON_OBJ@ DAEMON_OBJ_LINK=$(DAEMON_OBJ) $(COMMON_OBJ_ALL_SYMBOLS) $(SLDNS_OBJ) \ $(COMPAT_OBJ) @WIN_DAEMON_OBJ_LINK@ @@ -180,7 +191,7 @@ daemon/worker.c daemon/acl_list.c daemon/daemon.c daemon/stats.c \ testcode/replay.c testcode/fake_event.c TESTBOUND_OBJ=testbound.lo replay.lo fake_event.lo TESTBOUND_OBJ_LINK=$(TESTBOUND_OBJ) testpkts.lo worker.lo acl_list.lo \ -daemon.lo stats.lo $(COMMON_OBJ_WITHOUT_NETCALL) ub_event.lo $(SLDNS_OBJ) \ +daemon.lo stats.lo shm_main.lo $(COMMON_OBJ_WITHOUT_NETCALL) ub_event.lo $(SLDNS_OBJ) \ $(COMPAT_OBJ) LOCKVERIFY_SRC=testcode/lock_verify.c LOCKVERIFY_OBJ=lock_verify.lo @@ -379,6 +390,13 @@ dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h +# dnscrypt +dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ + dnscrypt/dnscrypt_config.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ + $(srcdir)/util/netevent.h + # Python Module pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod/interface.h \ @@ -584,7 +602,9 @@ depend: -e 's?$$(srcdir)/util/configparser.c?util/configparser.c?g' \ -e 's?$$(srcdir)/util/configparser.h?util/configparser.h?g' \ -e 's?$$(srcdir)/dnstap/dnstap_config.h??g' \ + -e 's?$$(srcdir)/dnscrypt/dnscrypt_config.h??g' \ -e 's?$$(srcdir)/pythonmod/pythonmod.h?$$(PYTHONMOD_HEADER)?g' \ + -e 's?$$(srcdir)/edns-subnet/subnetmod.h $$(srcdir)/edns-subnet/subnet-whitelist.h $$(srcdir)/edns-subnet/edns-subnet.h $$(srcdir)/edns-subnet/addrtree.h?$$(SUBNET_HEADER)?g' \ -e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' \ > $(DEPEND_TMP) cp $(DEPEND_TARGET) $(DEPEND_TMP2) @@ -608,11 +628,12 @@ dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_de $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \ @@ -634,11 +655,12 @@ msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/d $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/util/module.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/module.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \ @@ -651,7 +673,8 @@ iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterato $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_donotq.h \ $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \ $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/config_file.h $(srcdir)/util/random.h \ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h @@ -695,40 +718,46 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/i $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_hints.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h \ - $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/validator/val_anchor.h \ + $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ + $(srcdir)/sldns/sbuffer.h localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h $(srcdir)/util/as112.h + $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/as112.h mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/services/view.h $(srcdir)/util/data/dname.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/util/data/dname.h $(srcdir)/respip/respip.h modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \ - $(srcdir)/validator/val_utils.h $(PYTHONMOD_HEADER) + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ @@ -736,19 +765,22 @@ view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(s $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/netevent.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h + $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/dnstap/dnstap.h alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \ @@ -756,45 +788,61 @@ config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/ut $(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/util/iana_ports.inc + $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/iana_ports.inc configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h util/configparser.h configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h +shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/util/shm_side/shm_main.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rtt.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \ - $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \ - $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \ - $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/config_file.h $(PYTHONMOD_HEADER) + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ + $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ + $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ + $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \ + $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h \ + $(srcdir)/edns-subnet/edns-subnet.h locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h -netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/util/ub_event.h \ - $(srcdir)/util/log.h $(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/dnstap/dnstap.h +netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/ub_event.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h \ + net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ @@ -802,10 +850,11 @@ net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_he $(srcdir)/sldns/wire2str.h random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h $(srcdir)/util/regional.h rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \ @@ -813,7 +862,8 @@ dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/s $(srcdir)/util/log.h $(srcdir)/util/net_help.h lookup3.lo lookup3.o: $(srcdir)/util/storage/lookup3.c config.h $(srcdir)/util/storage/lookup3.h lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/module.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h @@ -821,14 +871,17 @@ slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/uti $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ - $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ @@ -840,9 +893,10 @@ autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/val $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/services/modstack.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h + $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/modstack.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \ @@ -857,8 +911,8 @@ validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/val $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h \ $(srcdir)/validator/autotrust.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ - $(srcdir)/sldns/wire2str.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/wire2str.h val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ @@ -895,8 +949,8 @@ val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h + $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ @@ -910,9 +964,37 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(src $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/regional.h +edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \ + $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h +subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h \ + $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/modstack.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h +addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h +subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \ + $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ + $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/regional.h $(srcdir)/util/config_file.h cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h +respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/respip/respip.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/testcode/checklocks.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ @@ -927,7 +1009,10 @@ unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/r $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/random.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/random.h \ + $(srcdir)/respip/respip.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/view.h unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \ $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ @@ -958,6 +1043,12 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h +unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \ + $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/edns-subnet.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ @@ -967,68 +1058,72 @@ acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/ac cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \ $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ - $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \ - $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h + $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h \ - $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ + $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \ + $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/sldns/wire2str.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/ub_event.h + $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ @@ -1037,16 +1132,18 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/libunbound/libworker.h + $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/util/shm_side/shm_main.h testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ + $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c \ $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ @@ -1055,9 +1152,10 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ @@ -1066,8 +1164,9 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/libunbound/libworker.h + $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/util/shm_side/shm_main.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ @@ -1076,44 +1175,47 @@ acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/ac $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \ - $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h + $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h + $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \ + $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ - $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/util/rbtree.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h + $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/modstack.h pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/testcode/readhex.h $(srcdir)/sldns/sbuffer.h \ @@ -1121,10 +1223,11 @@ pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h $(srcdir)/util/log.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h + $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/modstack.h unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ @@ -1132,13 +1235,14 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(PYTHONMOD_HEADER) + $(srcdir)/services/view.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ @@ -1146,6 +1250,7 @@ context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbou $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/sldns/sbuffer.h libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \ @@ -1155,21 +1260,23 @@ libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbou $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \ $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/sldns/sbuffer.h libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h + $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/sldns/str2wire.h unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \ @@ -1188,24 +1295,26 @@ perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h + $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h petal.lo petal.o: $(srcdir)/testcode/petal.c config.h pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \ - + $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h + $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \ $(srcdir)/winrc/w_inst.h diff --git a/ac_pkg_swig.m4 b/ac_pkg_swig.m4 index 738f69d45eac..87f99fb2fe98 100644 --- a/ac_pkg_swig.m4 +++ b/ac_pkg_swig.m4 @@ -103,9 +103,20 @@ AC_DEFUN([AC_PROG_SWIG],[ if test -z "$available_patch" ; then [available_patch=0] fi - if test $available_major -ne $required_major \ - -o $available_minor -ne $required_minor \ - -o $available_patch -lt $required_patch ; then + [badversion=0] + if test $available_major -lt $required_major ; then + [badversion=1] + fi + if test $available_major -eq $required_major \ + -a $available_minor -lt $required_minor ; then + [badversion=1] + fi + if test $available_major -eq $required_major \ + -a $available_minor -eq $required_minor \ + -a $available_patch -lt $required_patch ; then + [badversion=1] + fi + if test $badversion -eq 1 ; then AC_MSG_WARN([SWIG version >= $1 is required. You have $swig_version. You should look at http://www.swig.org]) SWIG='echo "Error: SWIG version >= $1 is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false' else diff --git a/acx_python.m4 b/acx_python.m4 index 4e83d7764bcd..2940971f1a4e 100644 --- a/acx_python.m4 +++ b/acx_python.m4 @@ -22,8 +22,7 @@ AC_DEFUN([AC_PYTHON_DEVEL],[ # Check if you have distutils, else fail # AC_MSG_CHECKING([for the distutils Python package]) - ac_distutils_result=`$PYTHON -c "import distutils" 2>&1` - if test -z "$ac_distutils_result"; then + if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) diff --git a/config.h.in b/config.h.in index 3a4f47b5ca79..eacbc7f69ee0 100644 --- a/config.h.in +++ b/config.h.in @@ -3,6 +3,9 @@ /* Directory to chroot to */ #undef CHROOT_DIR +/* Define this to enable client subnet option. */ +#undef CLIENT_SUBNET + /* Do sha512 definitions in config.h */ #undef COMPAT_SHA512 @@ -385,6 +388,9 @@ /* Define to 1 if you have the `SHA512_Update' function. */ #undef HAVE_SHA512_UPDATE +/* Define to 1 if you have the `shmget' function. */ +#undef HAVE_SHMGET + /* Define to 1 if you have the `sigprocmask' function. */ #undef HAVE_SIGPROCMASK @@ -457,6 +463,9 @@ /* Define to 1 if systemd should be used */ #undef HAVE_SYSTEMD +/* Define to 1 if you have the <sys/ipc.h> header file. */ +#undef HAVE_SYS_IPC_H + /* Define to 1 if you have the <sys/param.h> header file. */ #undef HAVE_SYS_PARAM_H @@ -466,6 +475,9 @@ /* Define to 1 if you have the <sys/sha2.h> header file. */ #undef HAVE_SYS_SHA2_H +/* Define to 1 if you have the <sys/shm.h> header file. */ +#undef HAVE_SYS_SHM_H + /* Define to 1 if you have the <sys/socket.h> header file. */ #undef HAVE_SYS_SOCKET_H @@ -651,6 +663,9 @@ /* Define to 1 to use cachedb support */ #undef USE_CACHEDB +/* Define to 1 to enable dnscrypt support */ +#undef USE_DNSCRYPT + /* Define to 1 to enable dnstap support */ #undef USE_DNSTAP @@ -675,6 +690,9 @@ /* Define this to enable client TCP Fast Open. */ #undef USE_OSX_MSG_FASTOPEN +/* Define this to enable SHA1 support. */ +#undef USE_SHA1 + /* Define this to enable SHA256 and SHA512 support. */ #undef USE_SHA2 diff --git a/configure b/configure index f81ed1e86c90..a3283e1eddb4 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.6.1. +# Generated by GNU Autoconf 2.69 for unbound 1.6.2. # # Report bugs to <unbound-bugs@nlnetlabs.nl>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.6.1' -PACKAGE_STRING='unbound 1.6.1' +PACKAGE_VERSION='1.6.2' +PACKAGE_STRING='unbound 1.6.2' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -638,6 +638,9 @@ INSTALLTARGET ALLTARGET SOURCEFILE SOURCEDETERMINE +DNSCRYPT_OBJ +DNSCRYPT_SRC +ENABLE_DNSCRYPT DNSTAP_OBJ DNSTAP_SRC opt_dnstap_socket_path @@ -671,6 +674,8 @@ staticexe PC_LIBEVENT_DEPENDENCY UNBOUND_EVENT_UNINSTALL UNBOUND_EVENT_INSTALL +SUBNET_HEADER +SUBNET_OBJ SSLLIB HAVE_SSL CONFIG_DATE @@ -840,7 +845,9 @@ with_pythonmodule with_nss with_nettle with_ssl +enable_sha1 enable_sha2 +enable_subnet enable_gost enable_ecdsa enable_dsa @@ -857,6 +864,8 @@ enable_dnstap with_dnstap_socket_path with_protobuf_c with_libfstrm +enable_dnscrypt +with_libsodium enable_cachedb with_libunbound_only ' @@ -1420,7 +1429,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.6.1 to adapt to many kinds of systems. +\`configure' configures unbound 1.6.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1485,7 +1494,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.6.1:";; + short | recursive ) echo "Configuration of unbound 1.6.2:";; esac cat <<\_ACEOF @@ -1515,7 +1524,10 @@ Optional Features: enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes + --disable-sha1 Disable SHA1 RRSIG support, does not disable nsec3 + support --disable-sha2 Disable SHA256 and SHA512 RRSIG support + --enable-subnet Enable client subnet --disable-gost Disable GOST support --disable-ecdsa Disable ECDSA support --disable-dsa Disable DSA support @@ -1532,6 +1544,7 @@ Optional Features: to it, smaller install size but libunbound export table is polluted by internal symbols --enable-dnstap Enable dnstap support (requires fstrm, protobuf-c) + --enable-dnscrypt Enable dnscrypt support (requires libsodium) --enable-cachedb enable cachedb module that can use external cache storage @@ -1586,6 +1599,7 @@ Optional Packages: set default dnstap socket path --with-protobuf-c=path Path where protobuf-c is installed, for dnstap --with-libfstrm=path Path where libfstrm is installed, for dnstap + --with-libsodium=path Path where libsodium is installed, for dnscrypt --with-libunbound-only do not build daemon and tool programs Some influential environment variables: @@ -1689,7 +1703,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.6.1 +unbound configure 1.6.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2398,7 +2412,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.6.1, which was +It was created by unbound $as_me 1.6.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2750,12 +2764,12 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=6 -UNBOUND_VERSION_MICRO=1 +UNBOUND_VERSION_MICRO=2 -LIBUNBOUND_CURRENT=6 -LIBUNBOUND_REVISION=4 -LIBUNBOUND_AGE=4 +LIBUNBOUND_CURRENT=7 +LIBUNBOUND_REVISION=1 +LIBUNBOUND_AGE=5 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 # 1.0.2 had 0:14:0 @@ -2806,6 +2820,7 @@ LIBUNBOUND_AGE=4 # 1.5.10 had 6:2:4 # 1.6.0 had 6:3:4 # 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type +# 1.6.2 had 7:1:5 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -4104,7 +4119,7 @@ fi if test $on_mingw = "no"; then ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"` else - ub_conf_file="C:\\Program Files (x86)\\Unbound\\service.conf" + ub_conf_file="C:\\Program Files\\Unbound\\service.conf" fi # Check whether --with-conf_file was given. @@ -4235,7 +4250,7 @@ else if test $on_mingw = no; then UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" else - UNBOUND_ROOTKEY_FILE="C:\\Program Files (x86)\\Unbound\\root.key" + UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key" fi fi @@ -4257,7 +4272,7 @@ else if test $on_mingw = no; then UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" else - UNBOUND_ROOTCERT_FILE="C:\\Program Files (x86)\\Unbound\\icannbundle.pem" + UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem" fi fi @@ -14422,7 +14437,7 @@ CC=$lt_save_CC # Checks for header files. -for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h +for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/ipc.h sys/shm.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default @@ -16717,8 +16732,7 @@ fi # { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5 $as_echo_n "checking for the distutils Python package... " >&6; } - ac_distutils_result=`$PYTHON -c "import distutils" 2>&1` - if test -z "$ac_distutils_result"; then + if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else @@ -16908,7 +16922,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cannot find 'swig' program. You should look at http://www.swig.org" >&5 $as_echo "$as_me: WARNING: cannot find 'swig' program. You should look at http://www.swig.org" >&2;} SWIG='echo "Error: SWIG is not installed. You should look at http://www.swig.org" ; false' - elif test -n "" ; then + elif test -n "2.0.1" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SWIG version" >&5 $as_echo_n "checking for SWIG version... " >&6; } swig_version=`$SWIG -version 2>&1 | grep 'SWIG Version' | sed 's/.*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/g'` @@ -16916,7 +16930,7 @@ $as_echo_n "checking for SWIG version... " >&6; } $as_echo "$swig_version" >&6; } if test -n "$swig_version" ; then # Calculate the required version number components - required= + required=2.0.1 required_major=`echo $required | sed 's/[^0-9].*//'` if test -z "$required_major" ; then required_major=0 @@ -16947,12 +16961,23 @@ $as_echo "$swig_version" >&6; } if test -z "$available_patch" ; then available_patch=0 fi - if test $available_major -ne $required_major \ - -o $available_minor -ne $required_minor \ - -o $available_patch -lt $required_patch ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SWIG version >= is required. You have $swig_version. You should look at http://www.swig.org" >&5 -$as_echo "$as_me: WARNING: SWIG version >= is required. You have $swig_version. You should look at http://www.swig.org" >&2;} - SWIG='echo "Error: SWIG version >= is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false' + badversion=0 + if test $available_major -lt $required_major ; then + badversion=1 + fi + if test $available_major -eq $required_major \ + -a $available_minor -lt $required_minor ; then + badversion=1 + fi + if test $available_major -eq $required_major \ + -a $available_minor -eq $required_minor \ + -a $available_patch -lt $required_patch ; then + badversion=1 + fi + if test $badversion -eq 1 ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SWIG version >= 2.0.1 is required. You have $swig_version. You should look at http://www.swig.org" >&5 +$as_echo "$as_me: WARNING: SWIG version >= 2.0.1 is required. You have $swig_version. You should look at http://www.swig.org" >&2;} + SWIG='echo "Error: SWIG version >= 2.0.1 is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false' else { $as_echo "$as_me:${as_lineno-$LINENO}: SWIG executable is '$SWIG'" >&5 $as_echo "$as_me: SWIG executable is '$SWIG'" >&6;} @@ -17697,6 +17722,22 @@ fi +# Check whether --enable-sha1 was given. +if test "${enable_sha1+set}" = set; then : + enableval=$enable_sha1; +fi + +case "$enable_sha1" in + no) + ;; + yes|*) + +$as_echo "#define USE_SHA1 1" >>confdefs.h + + ;; +esac + + # Check whether --enable-sha2 was given. if test "${enable_sha2+set}" = set; then : enableval=$enable_sha2; @@ -17712,6 +17753,25 @@ $as_echo "#define USE_SHA2 1" >>confdefs.h ;; esac +# Check whether --enable-subnet was given. +if test "${enable_subnet+set}" = set; then : + enableval=$enable_subnet; +fi + +case "$enable_subnet" in + yes) + +$as_echo "#define CLIENT_SUBNET 1" >>confdefs.h + + SUBNET_OBJ="edns-subnet.lo subnetmod.lo addrtree.lo subnet-whitelist.lo" + + SUBNET_HEADER='$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/edns-subnet/addrtree.h' + + ;; + no|*) + ;; +esac + # check wether gost also works # Check whether --enable-gost was given. @@ -19251,7 +19311,7 @@ if test "$ac_res" != no; then : fi -for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync +for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -20170,6 +20230,105 @@ _ACEOF fi +# check for dnscrypt if requested + + # Check whether --enable-dnscrypt was given. +if test "${enable_dnscrypt+set}" = set; then : + enableval=$enable_dnscrypt; opt_dnscrypt=$enableval +else + opt_dnscrypt=no +fi + + + if test "x$opt_dnscrypt" != "xno"; then + +# Check whether --with-libsodium was given. +if test "${with_libsodium+set}" = set; then : + withval=$with_libsodium; + CFLAGS="$CFLAGS -I$withval/include" + LDFLAGS="$LDFLAGS -L$withval/lib" + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing sodium_init" >&5 +$as_echo_n "checking for library containing sodium_init... " >&6; } +if ${ac_cv_search_sodium_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char sodium_init (); +int +main () +{ +return sodium_init (); + ; + return 0; +} +_ACEOF +for ac_lib in '' sodium; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_sodium_init=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_sodium_init+:} false; then : + break +fi +done +if ${ac_cv_search_sodium_init+:} false; then : + +else + ac_cv_search_sodium_init=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sodium_init" >&5 +$as_echo "$ac_cv_search_sodium_init" >&6; } +ac_res=$ac_cv_search_sodium_init +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + as_fn_error $? "The sodium library was not found. Please install sodium!" "$LINENO" 5 +fi + + + +$as_echo "#define USE_DNSCRYPT 1" >>confdefs.h + + ENABLE_DNSCRYPT=1 + + + DNSCRYPT_SRC="dnscrypt/dnscrypt.c" + + DNSCRYPT_OBJ="dnscrypt.lo" + + + else + + ENABLE_DNSCRYPT=0 + + + + fi + + # check for cachedb if requested # Check whether --enable-cachedb was given. if test "${enable_cachedb+set}" = set; then : @@ -20328,12 +20487,12 @@ _ACEOF -version=1.6.1 +version=1.6.2 date=`date +'%b %e, %Y'` -ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service" +ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service" ac_config_headers="$ac_config_headers config.h" @@ -20847,7 +21006,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.6.1, which was +This file was extended by unbound $as_me 1.6.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20913,7 +21072,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.6.1 +unbound config.status 1.6.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -21335,6 +21494,7 @@ do "doc/unbound-host.1") CONFIG_FILES="$CONFIG_FILES doc/unbound-host.1" ;; "smallapp/unbound-control-setup.sh") CONFIG_FILES="$CONFIG_FILES smallapp/unbound-control-setup.sh" ;; "dnstap/dnstap_config.h") CONFIG_FILES="$CONFIG_FILES dnstap/dnstap_config.h" ;; + "dnscrypt/dnscrypt_config.h") CONFIG_FILES="$CONFIG_FILES dnscrypt/dnscrypt_config.h" ;; "contrib/libunbound.pc") CONFIG_FILES="$CONFIG_FILES contrib/libunbound.pc" ;; "contrib/unbound.socket") CONFIG_FILES="$CONFIG_FILES contrib/unbound.socket" ;; "contrib/unbound.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound.service" ;; diff --git a/configure.ac b/configure.ac index bc465b0ebb94..6657474077c1 100644 --- a/configure.ac +++ b/configure.ac @@ -6,19 +6,20 @@ sinclude(ax_pthread.m4) sinclude(acx_python.m4) sinclude(ac_pkg_swig.m4) sinclude(dnstap/dnstap.m4) +sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[6]) -m4_define([VERSION_MICRO],[1]) +m4_define([VERSION_MICRO],[2]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) -LIBUNBOUND_CURRENT=6 -LIBUNBOUND_REVISION=4 -LIBUNBOUND_AGE=4 +LIBUNBOUND_CURRENT=7 +LIBUNBOUND_REVISION=1 +LIBUNBOUND_AGE=5 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 # 1.0.2 had 0:14:0 @@ -69,6 +70,7 @@ LIBUNBOUND_AGE=4 # 1.5.10 had 6:2:4 # 1.6.0 had 6:3:4 # 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type +# 1.6.2 had 7:1:5 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -120,7 +122,7 @@ fi if test $on_mingw = "no"; then ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"` else - ub_conf_file="C:\\Program Files (x86)\\Unbound\\service.conf" + ub_conf_file="C:\\Program Files\\Unbound\\service.conf" fi AC_ARG_WITH([conf_file], AC_HELP_STRING([--with-conf-file=path], @@ -190,7 +192,7 @@ AC_ARG_WITH(rootkey-file, if test $on_mingw = no; then UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" else - UNBOUND_ROOTKEY_FILE="C:\\Program Files (x86)\\Unbound\\root.key" + UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key" fi ) AC_SUBST(UNBOUND_ROOTKEY_FILE) @@ -204,7 +206,7 @@ AC_ARG_WITH(rootcert-file, if test $on_mingw = no; then UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" else - UNBOUND_ROOTCERT_FILE="C:\\Program Files (x86)\\Unbound\\icannbundle.pem" + UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem" fi ) AC_SUBST(UNBOUND_ROOTCERT_FILE) @@ -304,7 +306,7 @@ AC_CHECK_TOOL(STRIP, strip) ACX_LIBTOOL_C_ONLY # Checks for header files. -AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/ipc.h sys/shm.h],,, [AC_INCLUDES_DEFAULT]) # check for types. # Using own tests for int64* because autoconf builtin only give 32bit. @@ -550,7 +552,7 @@ if test x_$ub_test_python != x_no; then # Check for SWIG ub_have_swig=no - AC_PROG_SWIG + AC_PROG_SWIG(2.0.1) AC_MSG_CHECKING(SWIG) if test ! -x "$SWIG"; then AC_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound]) @@ -709,6 +711,16 @@ fi AC_SUBST(SSLLIB) +AC_ARG_ENABLE(sha1, AC_HELP_STRING([--disable-sha1], [Disable SHA1 RRSIG support, does not disable nsec3 support])) +case "$enable_sha1" in + no) + ;; + yes|*) + AC_DEFINE([USE_SHA1], [1], [Define this to enable SHA1 support.]) + ;; +esac + + AC_ARG_ENABLE(sha2, AC_HELP_STRING([--disable-sha2], [Disable SHA256 and SHA512 RRSIG support])) case "$enable_sha2" in no) @@ -718,6 +730,19 @@ case "$enable_sha2" in ;; esac +AC_ARG_ENABLE(subnet, AC_HELP_STRING([--enable-subnet], [Enable client subnet])) +case "$enable_subnet" in + yes) + AC_DEFINE([CLIENT_SUBNET], [1], [Define this to enable client subnet option.]) + SUBNET_OBJ="edns-subnet.lo subnetmod.lo addrtree.lo subnet-whitelist.lo" + AC_SUBST(SUBNET_OBJ) + SUBNET_HEADER='$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/edns-subnet/addrtree.h' + AC_SUBST(SUBNET_HEADER) + ;; + no|*) + ;; +esac + # check wether gost also works AC_DEFUN([AC_CHECK_GOST_WORKS], [AC_REQUIRE([AC_PROG_CC]) @@ -1148,7 +1173,7 @@ AC_INCLUDES_DEFAULT #endif ]) AC_SEARCH_LIBS([setusercontext], [util]) -AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync]) +AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget]) AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])]) AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])]) @@ -1303,6 +1328,19 @@ dt_DNSTAP([$UNBOUND_RUN_DIR/dnstap.sock], ] ) +# check for dnscrypt if requested +dnsc_DNSCRYPT([ + AC_DEFINE([USE_DNSCRYPT], [1], [Define to 1 to enable dnscrypt support]) + AC_SUBST([ENABLE_DNSCRYPT], [1]) + + AC_SUBST([DNSCRYPT_SRC], ["dnscrypt/dnscrypt.c"]) + AC_SUBST([DNSCRYPT_OBJ], ["dnscrypt.lo"]) + ], + [ + AC_SUBST([ENABLE_DNSCRYPT], [0]) + ] +) + # check for cachedb if requested AC_ARG_ENABLE(cachedb, AC_HELP_STRING([--enable-cachedb], [enable cachedb module that can use external cache storage])) case "$enable_cachedb" in @@ -1606,6 +1644,6 @@ dnl if this is a distro tarball, that was already done by makedist.sh AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO]) AC_SUBST(date, [`date +'%b %e, %Y'`]) -AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service]) +AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service]) AC_CONFIG_HEADER([config.h]) AC_OUTPUT diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in index b33c3706dd44..3ddadfa95ee2 100644 --- a/contrib/unbound.service.in +++ b/contrib/unbound.service.in @@ -1,8 +1,28 @@ -[Service] -Type=notify -NotifyAccess=main -ExecStart=/home/vagrant/unbound_systemd/unbound -ExecReload=/bin/kill -HUP $MAINPID +[Unit] +Description=Validating, recursive, and caching DNS resolver +Documentation=man:unbound(8) [Install] WantedBy=multi-user.target + +[Service] +ExecReload=/bin/kill -HUP $MAINPID +ExecStart=/home/vagrant/unbound_systemd/unbound +NotifyAccess=main +Type=notify +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +ProtectHome=true +ProtectControlGroups=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=strict +ReadWritePaths=/etc/unbound /run +RestrictAddressFamilies=AF_INET AF_UNIX +RestrictRealtime=true +SystemCallArchitectures=native +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources + diff --git a/daemon/daemon.c b/daemon/daemon.c index 4cae4380065a..dad9f86b344e 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -73,6 +73,7 @@ #include "util/log.h" #include "util/config_file.h" #include "util/data/msgreply.h" +#include "util/shm_side/shm_main.h" #include "util/storage/lookup3.h" #include "util/storage/slabhash.h" #include "services/listen_dnsport.h" @@ -86,6 +87,7 @@ #include "util/tube.h" #include "util/net_help.h" #include "sldns/keyraw.h" +#include "respip/respip.h" #include <signal.h> #ifdef HAVE_SYSTEMD @@ -561,6 +563,8 @@ daemon_stop_others(struct daemon* daemon) void daemon_fork(struct daemon* daemon) { + int have_view_respip_cfg = 0; + log_assert(daemon); if(!(daemon->views = views_create())) fatal_exit("Could not create views: out of memory"); @@ -570,15 +574,44 @@ daemon_fork(struct daemon* daemon) if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views)) fatal_exit("Could not setup access control list"); + if(daemon->cfg->dnscrypt) { +#ifdef USE_DNSCRYPT + daemon->dnscenv = dnsc_create(); + if (!daemon->dnscenv) + fatal_exit("dnsc_create failed"); + dnsc_apply_cfg(daemon->dnscenv, daemon->cfg); +#else + fatal_exit("dnscrypt enabled in config but unbound was not built with " + "dnscrypt support"); +#endif + } /* create global local_zones */ if(!(daemon->local_zones = local_zones_create())) fatal_exit("Could not create local zones: out of memory"); if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg)) fatal_exit("Could not set up local zones"); + /* process raw response-ip configuration data */ + if(!(daemon->respip_set = respip_set_create())) + fatal_exit("Could not create response IP set"); + if(!respip_global_apply_cfg(daemon->respip_set, daemon->cfg)) + fatal_exit("Could not set up response IP set"); + if(!respip_views_apply_cfg(daemon->views, daemon->cfg, + &have_view_respip_cfg)) + fatal_exit("Could not set up per-view response IP sets"); + daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) || + have_view_respip_cfg; + /* setup modules */ daemon_setup_modules(daemon); + /* response-ip-xxx options don't work as expected without the respip + * module. To avoid run-time operational surprise we reject such + * configuration. */ + if(daemon->use_response_ip && + modstack_find(&daemon->mods, "respip") < 0) + fatal_exit("response-ip options require respip module"); + /* first create all the worker structures, so we can pass * them to the newly created threads. */ @@ -605,6 +638,9 @@ daemon_fork(struct daemon* daemon) #endif signal_handling_playback(daemon->workers[0]); + if (!shm_main_init(daemon)) + log_warn("SHM has failed"); + /* Start resolver service on main thread. */ #ifdef HAVE_SYSTEMD sd_notify(0, "READY=1"); @@ -619,6 +655,9 @@ daemon_fork(struct daemon* daemon) /* we exited! a signal happened! Stop other threads */ daemon_stop_others(daemon); + /* Shutdown SHM */ + shm_main_shutdown(daemon); + daemon->need_to_exit = daemon->workers[0]->need_to_exit; } @@ -638,6 +677,8 @@ daemon_cleanup(struct daemon* daemon) slabhash_clear(daemon->env->msg_cache); local_zones_delete(daemon->local_zones); daemon->local_zones = NULL; + respip_set_delete(daemon->respip_set); + daemon->respip_set = NULL; views_delete(daemon->views); daemon->views = NULL; /* key cache is cleared by module desetup during next daemon_fork() */ @@ -670,7 +711,6 @@ daemon_delete(struct daemon* daemon) rrset_cache_delete(daemon->env->rrset_cache); infra_delete(daemon->env->infra_cache); edns_known_options_delete(daemon->env); - inplace_cb_lists_delete(daemon->env); } ub_randfree(daemon->rand); alloc_clear(&daemon->superalloc); diff --git a/daemon/daemon.h b/daemon/daemon.h index 9177c0fd6bce..031e05da3433 100644 --- a/daemon/daemon.h +++ b/daemon/daemon.h @@ -56,12 +56,19 @@ struct local_zones; struct views; struct ub_randstate; struct daemon_remote; +struct respip_set; +struct shm_main_info; #include "dnstap/dnstap_config.h" #ifdef USE_DNSTAP struct dt_env; #endif +#include "dnscrypt/dnscrypt_config.h" +#ifdef USE_DNSCRYPT +struct dnsc_env; +#endif + /** * Structure holding worker list. * Holds globally visible information. @@ -118,6 +125,15 @@ struct daemon { /** the dnstap environment master value, copied and changed by threads*/ struct dt_env* dtenv; #endif + struct shm_main_info* shm_info; + /** response-ip set with associated actions and tags. */ + struct respip_set* respip_set; + /** some response-ip tags or actions are configured if true */ + int use_response_ip; +#ifdef USE_DNSCRYPT + /** the dnscrypt environment */ + struct dnsc_env* dnscenv; +#endif }; /** diff --git a/daemon/remote.c b/daemon/remote.c index 681c57906a53..c15967c20888 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -242,6 +242,29 @@ daemon_remote_create(struct config_file* cfg) daemon_remote_delete(rc); return NULL; } +#if defined(SSL_OP_NO_TLSv1) && defined(SSL_OP_NO_TLSv1_1) + /* if we have tls 1.1 disable 1.0 */ + if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1) & SSL_OP_NO_TLSv1) + != SSL_OP_NO_TLSv1){ + log_crypto_err("could not set SSL_OP_NO_TLSv1"); + daemon_remote_delete(rc); + return NULL; + } +#endif +#if defined(SSL_OP_NO_TLSv1_1) && defined(SSL_OP_NO_TLSv1_2) + /* if we have tls 1.2 disable 1.1 */ + if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1_1) & SSL_OP_NO_TLSv1_1) + != SSL_OP_NO_TLSv1_1){ + log_crypto_err("could not set SSL_OP_NO_TLSv1_1"); + daemon_remote_delete(rc); + return NULL; + } +#endif +#ifdef SHA256_DIGEST_LENGTH + /* if we have sha256, set the cipher list to have no known vulns */ + if(!SSL_CTX_set_cipher_list(rc->ctx, "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256")) + log_crypto_err("coult not set cipher list with SSL_CTX_set_cipher_list"); +#endif if (cfg->remote_control_use_cert == 0) { /* No certificates are requested */ @@ -775,6 +798,16 @@ print_stats(SSL* ssl, const char* nm, struct stats_info* s) (unsigned long)s->svr.zero_ttl_responses)) return 0; if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm, (unsigned long)s->mesh_replies_sent)) return 0; +#ifdef USE_DNSCRYPT + if(!ssl_printf(ssl, "%s.num.dnscrypt.crypted"SQ"%lu\n", nm, + (unsigned long)s->svr.num_query_dnscrypt_crypted)) return 0; + if(!ssl_printf(ssl, "%s.num.dnscrypt.cert"SQ"%lu\n", nm, + (unsigned long)s->svr.num_query_dnscrypt_cert)) return 0; + if(!ssl_printf(ssl, "%s.num.dnscrypt.cleartext"SQ"%lu\n", nm, + (unsigned long)s->svr.num_query_dnscrypt_cleartext)) return 0; + if(!ssl_printf(ssl, "%s.num.dnscrypt.malformed"SQ"%lu\n", nm, + (unsigned long)s->svr.num_query_dnscrypt_crypted_malformed)) return 0; +#endif if(!ssl_printf(ssl, "%s.requestlist.avg"SQ"%g\n", nm, (s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)? (double)s->svr.sum_query_list_size/ @@ -830,11 +863,15 @@ static int print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon) { int m; - size_t msg, rrset, val, iter; + size_t msg, rrset, val, iter, respip; +#ifdef CLIENT_SUBNET + size_t subnet = 0; +#endif /* CLIENT_SUBNET */ msg = slabhash_get_mem(daemon->env->msg_cache); rrset = slabhash_get_mem(&daemon->env->rrset_cache->table); val=0; iter=0; + respip=0; m = modstack_find(&worker->env.mesh->mods, "validator"); if(m != -1) { fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh-> @@ -849,6 +886,22 @@ print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon) iter = (*worker->env.mesh->mods.mod[m]->get_mem) (&worker->env, m); } + m = modstack_find(&worker->env.mesh->mods, "respip"); + if(m != -1) { + fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh-> + mods.mod[m]->get_mem)); + respip = (*worker->env.mesh->mods.mod[m]->get_mem) + (&worker->env, m); + } +#ifdef CLIENT_SUBNET + m = modstack_find(&worker->env.mesh->mods, "subnet"); + if(m != -1) { + fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh-> + mods.mod[m]->get_mem)); + subnet = (*worker->env.mesh->mods.mod[m]->get_mem) + (&worker->env, m); + } +#endif /* CLIENT_SUBNET */ if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset)) return 0; @@ -858,6 +911,12 @@ print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon) return 0; if(!print_longnum(ssl, "mem.mod.validator"SQ, val)) return 0; + if(!print_longnum(ssl, "mem.mod.respip"SQ, respip)) + return 0; +#ifdef CLIENT_SUBNET + if(!print_longnum(ssl, "mem.mod.subnet"SQ, subnet)) + return 0; +#endif /* CLIENT_SUBNET */ return 1; } @@ -1342,6 +1401,13 @@ do_view_zone_add(SSL* ssl, struct worker* worker, char* arg) ssl_printf(ssl,"no view with name: %s\n", arg); return; } + if(!v->local_zones) { + if(!(v->local_zones = local_zones_create())){ + lock_rw_unlock(&v->lock); + ssl_printf(ssl,"error out of memory\n"); + return; + } + } do_zone_add(ssl, v->local_zones, arg2); lock_rw_unlock(&v->lock); } @@ -1360,6 +1426,11 @@ do_view_zone_remove(SSL* ssl, struct worker* worker, char* arg) ssl_printf(ssl,"no view with name: %s\n", arg); return; } + if(!v->local_zones) { + lock_rw_unlock(&v->lock); + send_ok(ssl); + return; + } do_zone_remove(ssl, v->local_zones, arg2); lock_rw_unlock(&v->lock); } @@ -1378,6 +1449,13 @@ do_view_data_add(SSL* ssl, struct worker* worker, char* arg) ssl_printf(ssl,"no view with name: %s\n", arg); return; } + if(!v->local_zones) { + if(!(v->local_zones = local_zones_create())){ + lock_rw_unlock(&v->lock); + ssl_printf(ssl,"error out of memory\n"); + return; + } + } do_data_add(ssl, v->local_zones, arg2); lock_rw_unlock(&v->lock); } @@ -1396,6 +1474,11 @@ do_view_data_remove(SSL* ssl, struct worker* worker, char* arg) ssl_printf(ssl,"no view with name: %s\n", arg); return; } + if(!v->local_zones) { + lock_rw_unlock(&v->lock); + send_ok(ssl); + return; + } do_data_remove(ssl, v->local_zones, arg2); lock_rw_unlock(&v->lock); } @@ -2531,7 +2614,9 @@ do_view_list_local_zones(SSL* ssl, struct worker* worker, char* arg) ssl_printf(ssl,"no view with name: %s\n", arg); return; } - do_list_local_zones(ssl, v->local_zones); + if(v->local_zones) { + do_list_local_zones(ssl, v->local_zones); + } lock_rw_unlock(&v->lock); } @@ -2545,7 +2630,9 @@ do_view_list_local_data(SSL* ssl, struct worker* worker, char* arg) ssl_printf(ssl,"no view with name: %s\n", arg); return; } - do_list_local_data(ssl, worker, v->local_zones); + if(v->local_zones) { + do_list_local_data(ssl, worker, v->local_zones); + } lock_rw_unlock(&v->lock); } diff --git a/daemon/stats.c b/daemon/stats.c index a3c3d738976e..3665616be8be 100644 --- a/daemon/stats.c +++ b/daemon/stats.c @@ -232,6 +232,14 @@ void server_stats_add(struct stats_info* total, struct stats_info* a) total->svr.num_queries_missed_cache += a->svr.num_queries_missed_cache; total->svr.num_queries_prefetch += a->svr.num_queries_prefetch; total->svr.sum_query_list_size += a->svr.sum_query_list_size; +#ifdef USE_DNSCRYPT + total->svr.num_query_dnscrypt_crypted += a->svr.num_query_dnscrypt_crypted; + total->svr.num_query_dnscrypt_cert += a->svr.num_query_dnscrypt_cert; + total->svr.num_query_dnscrypt_cleartext += \ + a->svr.num_query_dnscrypt_cleartext; + total->svr.num_query_dnscrypt_crypted_malformed += \ + a->svr.num_query_dnscrypt_crypted_malformed; +#endif /* the max size reached is upped to higher of both */ if(a->svr.max_query_list_size > total->svr.max_query_list_size) total->svr.max_query_list_size = a->svr.max_query_list_size; diff --git a/daemon/stats.h b/daemon/stats.h index 0b9d77b427d0..39c4d21c5774 100644 --- a/daemon/stats.h +++ b/daemon/stats.h @@ -43,6 +43,7 @@ #ifndef DAEMON_STATS_H #define DAEMON_STATS_H #include "util/timehist.h" +#include "dnscrypt/dnscrypt_config.h" struct worker; struct config_file; struct comm_point; @@ -149,6 +150,16 @@ struct server_stats { size_t infra_cache_count; /** number of key cache entries */ size_t key_cache_count; +#ifdef USE_DNSCRYPT + /** number of queries that used dnscrypt */ + size_t num_query_dnscrypt_crypted; + /** number of queries that queried dnscrypt certificates */ + size_t num_query_dnscrypt_cert; + /** number of queries in clear text and not asking for the certificates */ + size_t num_query_dnscrypt_cleartext; + /** number of malformed encrypted queries */ + size_t num_query_dnscrypt_crypted_malformed; +#endif }; /** diff --git a/daemon/worker.c b/daemon/worker.c index b23bbab95d92..b1cc974aa2e2 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -69,9 +69,13 @@ #include "iterator/iter_hints.h" #include "validator/autotrust.h" #include "validator/val_anchor.h" +#include "respip/respip.h" #include "libunbound/context.h" #include "libunbound/libworker.h" #include "sldns/sbuffer.h" +#include "sldns/wire2str.h" +#include "util/shm_side/shm_main.h" +#include "dnscrypt/dnscrypt.h" #ifdef HAVE_SYS_TYPES_H # include <sys/types.h> @@ -113,6 +117,9 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), size_t total, front, back, mesh, msg, rrset, infra, ac, superac; size_t me, iter, val, anch; int i; +#ifdef CLIENT_SUBNET + size_t subnet = 0; +#endif /* CLIENT_SUBNET */ if(verbosity < VERB_ALGO) return; front = listen_get_mem(worker->front); @@ -132,6 +139,12 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), if(strcmp(worker->env.mesh->mods.mod[i]->name, "validator")==0) val += (*worker->env.mesh->mods.mod[i]->get_mem) (&worker->env, i); +#ifdef CLIENT_SUBNET + else if(strcmp(worker->env.mesh->mods.mod[i]->name, + "subnet")==0) + subnet += (*worker->env.mesh->mods.mod[i]->get_mem) + (&worker->env, i); +#endif /* CLIENT_SUBNET */ else iter += (*worker->env.mesh->mods.mod[i]->get_mem) (&worker->env, i); } @@ -149,6 +162,17 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), me += serviced_get_mem(cur_serv); } total = front+back+mesh+msg+rrset+infra+iter+val+ac+superac+me; +#ifdef CLIENT_SUBNET + total += subnet; + log_info("Memory conditions: %u front=%u back=%u mesh=%u msg=%u " + "rrset=%u infra=%u iter=%u val=%u subnet=%u anchors=%u " + "alloccache=%u globalalloccache=%u me=%u", + (unsigned)total, (unsigned)front, (unsigned)back, + (unsigned)mesh, (unsigned)msg, (unsigned)rrset, (unsigned)infra, + (unsigned)iter, (unsigned)val, + (unsigned)subnet, (unsigned)anch, (unsigned)ac, + (unsigned)superac, (unsigned)me); +#else /* no CLIENT_SUBNET */ log_info("Memory conditions: %u front=%u back=%u mesh=%u msg=%u " "rrset=%u infra=%u iter=%u val=%u anchors=%u " "alloccache=%u globalalloccache=%u me=%u", @@ -156,11 +180,15 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), (unsigned)mesh, (unsigned)msg, (unsigned)rrset, (unsigned)infra, (unsigned)iter, (unsigned)val, (unsigned)anch, (unsigned)ac, (unsigned)superac, (unsigned)me); +#endif /* CLIENT_SUBNET */ log_info("Total heap memory estimate: %u total-alloc: %u " "total-free: %u", (unsigned)total, (unsigned)unbound_mem_alloc, (unsigned)unbound_mem_freed); #else /* no UNBOUND_ALLOC_STATS */ size_t val = 0; +#ifdef CLIENT_SUBNET + size_t subnet = 0; +#endif /* CLIENT_SUBNET */ int i; if(verbosity < VERB_QUERY) return; @@ -170,12 +198,27 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker), if(strcmp(worker->env.mesh->mods.mod[i]->name, "validator")==0) val += (*worker->env.mesh->mods.mod[i]->get_mem) (&worker->env, i); +#ifdef CLIENT_SUBNET + else if(strcmp(worker->env.mesh->mods.mod[i]->name, + "subnet")==0) + subnet += (*worker->env.mesh->mods.mod[i]->get_mem) + (&worker->env, i); +#endif /* CLIENT_SUBNET */ } +#ifdef CLIENT_SUBNET + verbose(VERB_QUERY, "cache memory msg=%u rrset=%u infra=%u val=%u " + "subnet=%u", + (unsigned)slabhash_get_mem(worker->env.msg_cache), + (unsigned)slabhash_get_mem(&worker->env.rrset_cache->table), + (unsigned)infra_get_mem(worker->env.infra_cache), + (unsigned)val, (unsigned)subnet); +#else /* no CLIENT_SUBNET */ verbose(VERB_QUERY, "cache memory msg=%u rrset=%u infra=%u val=%u", (unsigned)slabhash_get_mem(worker->env.msg_cache), (unsigned)slabhash_get_mem(&worker->env.rrset_cache->table), (unsigned)infra_get_mem(worker->env.infra_cache), (unsigned)val); +#endif /* CLIENT_SUBNET */ #endif /* UNBOUND_ALLOC_STATS */ } @@ -510,17 +553,70 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, return 1; } -/** answer query from the cache */ +/** Apply, if applicable, a response IP action to a cached answer. + * If the answer is rewritten as a result of an action, '*encode_repp' will + * point to the reply info containing the modified answer. '*encode_repp' will + * be intact otherwise. + * It returns 1 on success, 0 otherwise. */ +static int +apply_respip_action(struct worker* worker, const struct query_info* qinfo, + struct respip_client_info* cinfo, struct reply_info* rep, + struct comm_reply* repinfo, struct ub_packed_rrset_key** alias_rrset, + struct reply_info** encode_repp) +{ + struct respip_action_info actinfo = {respip_none, NULL}; + + if(qinfo->qtype != LDNS_RR_TYPE_A && + qinfo->qtype != LDNS_RR_TYPE_AAAA && + qinfo->qtype != LDNS_RR_TYPE_ANY) + return 1; + + if(!respip_rewrite_reply(qinfo, cinfo, rep, encode_repp, &actinfo, + alias_rrset, 0, worker->scratchpad)) + return 0; + + /* xxx_deny actions mean dropping the reply, unless the original reply + * was redirected to response-ip data. */ + if((actinfo.action == respip_deny || + actinfo.action == respip_inform_deny) && + *encode_repp == rep) + *encode_repp = NULL; + + /* If address info is returned, it means the action should be an + * 'inform' variant and the information should be logged. */ + if(actinfo.addrinfo) { + respip_inform_print(actinfo.addrinfo, qinfo->qname, + qinfo->qtype, qinfo->qclass, qinfo->local_alias, + repinfo); + } + + return 1; +} + +/** answer query from the cache. + * Normally, the answer message will be built in repinfo->c->buffer; if the + * answer is supposed to be suppressed or the answer is supposed to be an + * incomplete CNAME chain, the buffer is explicitly cleared to signal the + * caller as such. In the latter case *partial_rep will point to the incomplete + * reply, and this function is (possibly) supposed to be called again with that + * *partial_rep value to complete the chain. In addition, if the query should + * be completely dropped, '*need_drop' will be set to 1. */ static int answer_from_cache(struct worker* worker, struct query_info* qinfo, + struct respip_client_info* cinfo, int* need_drop, + struct ub_packed_rrset_key** alias_rrset, + struct reply_info** partial_repp, struct reply_info* rep, uint16_t id, uint16_t flags, struct comm_reply* repinfo, struct edns_data* edns) { time_t timenow = *worker->env.now; uint16_t udpsize = edns->udp_size; + struct reply_info* encode_rep = rep; + struct reply_info* partial_rep = *partial_repp; int secure; int must_validate = (!(flags&BIT_CD) || worker->env.cfg->ignore_cd) && worker->env.need_to_validate; + *partial_repp = NULL; /* avoid accidental further pass */ if(worker->env.cfg->serve_expired) { /* always lock rrsets, rep->ttl is ignored */ if(!rrset_array_lock(rep->ref, rep->rrset_count, 0)) @@ -600,7 +696,33 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, rep, (int)(flags&LDNS_RCODE_MASK), edns, worker->scratchpad)) goto bail_out; - if(!reply_info_answer_encode(qinfo, rep, id, flags, + *alias_rrset = NULL; /* avoid confusion if caller set it to non-NULL */ + if(worker->daemon->use_response_ip && !partial_rep && + !apply_respip_action(worker, qinfo, cinfo, rep, repinfo, alias_rrset, + &encode_rep)) { + goto bail_out; + } else if(partial_rep && + !respip_merge_cname(partial_rep, qinfo, rep, cinfo, + must_validate, &encode_rep, worker->scratchpad)) { + goto bail_out; + } + if(encode_rep != rep) + secure = 0; /* if rewritten, it can't be considered "secure" */ + if(!encode_rep || *alias_rrset) { + sldns_buffer_clear(repinfo->c->buffer); + sldns_buffer_flip(repinfo->c->buffer); + if(!encode_rep) + *need_drop = 1; + else { + /* If a partial CNAME chain is found, we first need to + * make a copy of the reply in the scratchpad so we + * can release the locks and lookup the cache again. */ + *partial_repp = reply_info_copy(encode_rep, NULL, + worker->scratchpad); + if(!*partial_repp) + goto bail_out; + } + } else if(!reply_info_answer_encode(qinfo, encode_rep, id, flags, repinfo->c->buffer, timenow, 1, worker->scratchpad, udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) { if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, @@ -621,14 +743,18 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, return 1; } -/** Reply to client and perform prefetch to keep cache up to date */ +/** Reply to client and perform prefetch to keep cache up to date. + * If the buffer for the reply is empty, it indicates that only prefetch is + * necessary and the reply should be suppressed (because it's dropped or + * being deferred). */ static void reply_and_prefetch(struct worker* worker, struct query_info* qinfo, uint16_t flags, struct comm_reply* repinfo, time_t leeway) { /* first send answer to client to keep its latency * as small as a cachereply */ - comm_point_send_reply(repinfo); + if(sldns_buffer_limit(repinfo->c->buffer) != 0) + comm_point_send_reply(repinfo); server_stats_prefetch(&worker->stats, worker); /* create the prefetch in the mesh as a normal lookup without @@ -643,36 +769,41 @@ reply_and_prefetch(struct worker* worker, struct query_info* qinfo, * Fill CH class answer into buffer. Keeps query. * @param pkt: buffer * @param str: string to put into text record (<255). + * array of strings, every string becomes a text record. + * @param num: number of strings in array. * @param edns: edns reply information. * @param worker: worker with scratch region. */ static void -chaos_replystr(sldns_buffer* pkt, const char* str, struct edns_data* edns, +chaos_replystr(sldns_buffer* pkt, char** str, int num, struct edns_data* edns, struct worker* worker) { - size_t len = strlen(str); + int i; unsigned int rd = LDNS_RD_WIRE(sldns_buffer_begin(pkt)); unsigned int cd = LDNS_CD_WIRE(sldns_buffer_begin(pkt)); - if(len>255) len=255; /* cap size of TXT record */ sldns_buffer_clear(pkt); sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip id */ sldns_buffer_write_u16(pkt, (uint16_t)(BIT_QR|BIT_RA)); if(rd) LDNS_RD_SET(sldns_buffer_begin(pkt)); if(cd) LDNS_CD_SET(sldns_buffer_begin(pkt)); sldns_buffer_write_u16(pkt, 1); /* qdcount */ - sldns_buffer_write_u16(pkt, 1); /* ancount */ + sldns_buffer_write_u16(pkt, (uint16_t)num); /* ancount */ sldns_buffer_write_u16(pkt, 0); /* nscount */ sldns_buffer_write_u16(pkt, 0); /* arcount */ (void)query_dname_len(pkt); /* skip qname */ sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qtype */ sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qclass */ - sldns_buffer_write_u16(pkt, 0xc00c); /* compr ptr to query */ - sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_TXT); - sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_CH); - sldns_buffer_write_u32(pkt, 0); /* TTL */ - sldns_buffer_write_u16(pkt, sizeof(uint8_t) + len); - sldns_buffer_write_u8(pkt, len); - sldns_buffer_write(pkt, str, len); + for(i=0; i<num; i++) { + size_t len = strlen(str[i]); + if(len>255) len=255; /* cap size of TXT record */ + sldns_buffer_write_u16(pkt, 0xc00c); /* compr ptr to query */ + sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_TXT); + sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_CH); + sldns_buffer_write_u32(pkt, 0); /* TTL */ + sldns_buffer_write_u16(pkt, sizeof(uint8_t) + len); + sldns_buffer_write_u8(pkt, len); + sldns_buffer_write(pkt, str[i], len); + } sldns_buffer_flip(pkt); edns->edns_version = EDNS_ADVERTISED_VERSION; edns->udp_size = EDNS_ADVERTISED_SIZE; @@ -683,6 +814,70 @@ chaos_replystr(sldns_buffer* pkt, const char* str, struct edns_data* edns, attach_edns_record(pkt, edns); } +/** Reply with one string */ +static void +chaos_replyonestr(sldns_buffer* pkt, const char* str, struct edns_data* edns, + struct worker* worker) +{ + chaos_replystr(pkt, (char**)&str, 1, edns, worker); +} + +/** + * Create CH class trustanchor answer. + * @param pkt: buffer + * @param edns: edns reply information. + * @param w: worker with scratch region. + */ +static void +chaos_trustanchor(sldns_buffer* pkt, struct edns_data* edns, struct worker* w) +{ +#define TA_RESPONSE_MAX_TXT 16 /* max number of TXT records */ +#define TA_RESPONSE_MAX_TAGS 32 /* max number of tags printed per zone */ + char* str_array[TA_RESPONSE_MAX_TXT]; + uint16_t tags[TA_RESPONSE_MAX_TAGS]; + int num = 0; + struct trust_anchor* ta; + + if(!w->env.need_to_validate) { + /* no validator module, reply no trustanchors */ + chaos_replystr(pkt, NULL, 0, edns, w); + return; + } + + /* fill the string with contents */ + lock_basic_lock(&w->env.anchors->lock); + RBTREE_FOR(ta, struct trust_anchor*, w->env.anchors->tree) { + char* str; + size_t i, numtag, str_len = 255; + if(num == TA_RESPONSE_MAX_TXT) continue; + str = (char*)regional_alloc(w->scratchpad, str_len); + if(!str) continue; + lock_basic_lock(&ta->lock); + numtag = anchor_list_keytags(ta, tags, TA_RESPONSE_MAX_TAGS); + if(numtag == 0) { + /* empty, insecure point */ + lock_basic_unlock(&ta->lock); + continue; + } + str_array[num] = str; + num++; + + /* spool name of anchor */ + (void)sldns_wire2str_dname_buf(ta->name, ta->namelen, str, str_len); + str_len -= strlen(str); str += strlen(str); + /* spool tags */ + for(i=0; i<numtag; i++) { + snprintf(str, str_len, " %u", (unsigned)tags[i]); + str_len -= strlen(str); str += strlen(str); + } + lock_basic_unlock(&ta->lock); + } + lock_basic_unlock(&w->env.anchors->lock); + + chaos_replystr(pkt, str_array, num, edns, w); + regional_free_all(w->scratchpad); +} + /** * Answer CH class queries. * @param w: worker @@ -709,13 +904,13 @@ answer_chaos(struct worker* w, struct query_info* qinfo, char buf[MAXHOSTNAMELEN+1]; if (gethostname(buf, MAXHOSTNAMELEN) == 0) { buf[MAXHOSTNAMELEN] = 0; - chaos_replystr(pkt, buf, edns, w); + chaos_replyonestr(pkt, buf, edns, w); } else { log_err("gethostname: %s", strerror(errno)); - chaos_replystr(pkt, "no hostname", edns, w); + chaos_replyonestr(pkt, "no hostname", edns, w); } } - else chaos_replystr(pkt, cfg->identity, edns, w); + else chaos_replyonestr(pkt, cfg->identity, edns, w); return 1; } if(query_dname_compare(qinfo->qname, @@ -726,10 +921,19 @@ answer_chaos(struct worker* w, struct query_info* qinfo, if(cfg->hide_version) return 0; if(cfg->version==NULL || cfg->version[0]==0) - chaos_replystr(pkt, PACKAGE_STRING, edns, w); - else chaos_replystr(pkt, cfg->version, edns, w); + chaos_replyonestr(pkt, PACKAGE_STRING, edns, w); + else chaos_replyonestr(pkt, cfg->version, edns, w); return 1; } + if(query_dname_compare(qinfo->qname, + (uint8_t*)"\013trustanchor\007unbound") == 0) + { + if(cfg->hide_trustanchor) + return 0; + chaos_trustanchor(pkt, edns, w); + return 1; + } + return 0; } @@ -794,12 +998,60 @@ worker_handle_request(struct comm_point* c, void* arg, int error, enum acl_access acl; struct acl_addr* acladdr; int rc = 0; + int need_drop = 0; + /* We might have to chase a CNAME chain internally, in which case + * we'll have up to two replies and combine them to build a complete + * answer. These variables control this case. */ + struct ub_packed_rrset_key* alias_rrset = NULL; + struct reply_info* partial_rep = NULL; + struct query_info* lookup_qinfo = &qinfo; + struct query_info qinfo_tmp; /* placeholdoer for lookup_qinfo */ + struct respip_client_info* cinfo = NULL, cinfo_tmp; if(error != NETEVENT_NOERROR) { /* some bad tcp query DNS formats give these error calls */ verbose(VERB_ALGO, "handle request called with err=%d", error); return 0; } +#ifdef USE_DNSCRYPT + repinfo->max_udp_size = worker->daemon->cfg->max_udp_size; + if(!dnsc_handle_curved_request(worker->daemon->dnscenv, repinfo)) { + worker->stats.num_query_dnscrypt_crypted_malformed++; + return 0; + } + if(c->dnscrypt && !repinfo->is_dnscrypted) { + char buf[LDNS_MAX_DOMAINLEN+1]; + // Check if this is unencrypted and asking for certs + if(worker_check_request(c->buffer, worker) != 0) { + verbose(VERB_ALGO, "dnscrypt: worker check request: bad query."); + log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); + comm_point_drop_reply(repinfo); + return 0; + } + if(!query_info_parse(&qinfo, c->buffer)) { + verbose(VERB_ALGO, "dnscrypt: worker parse request: formerror."); + log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); + comm_point_drop_reply(repinfo); + return 0; + } + dname_str(qinfo.qname, buf); + if(!(qinfo.qtype == LDNS_RR_TYPE_TXT && + strcasecmp(buf, worker->daemon->dnscenv->provider_name) == 0)) { + verbose(VERB_ALGO, + "dnscrypt: not TXT %s. Receive: %s %s", + worker->daemon->dnscenv->provider_name, + sldns_rr_descript(qinfo.qtype)->_name, + buf); + comm_point_drop_reply(repinfo); + worker->stats.num_query_dnscrypt_cleartext++; + return 0; + } + worker->stats.num_query_dnscrypt_cert++; + sldns_buffer_rewind(c->buffer); + } else if(c->dnscrypt && repinfo->is_dnscrypted) { + worker->stats.num_query_dnscrypt_crypted++; + } +#endif #ifdef USE_DNSTAP if(worker->dtenv.log_client_query_messages) dt_msg_send_client_query(&worker->dtenv, &repinfo->addr, c->type, @@ -1036,16 +1288,43 @@ worker_handle_request(struct comm_point* c, void* arg, int error, qinfo.qname_len = d->rr_len[0] - 2; } + /* If we may apply IP-based actions to the answer, build the client + * information. As this can be expensive, skip it if there is + * absolutely no possibility of it. */ + if(worker->daemon->use_response_ip && + (qinfo.qtype == LDNS_RR_TYPE_A || + qinfo.qtype == LDNS_RR_TYPE_AAAA || + qinfo.qtype == LDNS_RR_TYPE_ANY)) { + cinfo_tmp.taglist = acladdr->taglist; + cinfo_tmp.taglen = acladdr->taglen; + cinfo_tmp.tag_actions = acladdr->tag_actions; + cinfo_tmp.tag_actions_size = acladdr->tag_actions_size; + cinfo_tmp.tag_datas = acladdr->tag_datas; + cinfo_tmp.tag_datas_size = acladdr->tag_datas_size; + cinfo_tmp.view = acladdr->view; + cinfo_tmp.respip_set = worker->daemon->respip_set; + cinfo = &cinfo_tmp; + } + +lookup_cache: + /* Lookup the cache. In case we chase an intermediate CNAME chain + * this is a two-pass operation, and lookup_qinfo is different for + * each pass. We should still pass the original qinfo to + * answer_from_cache(), however, since it's used to build the reply. */ if(!edns_bypass_cache_stage(edns.opt_list, &worker->env)) { - h = query_info_hash(&qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); - if((e=slabhash_lookup(worker->env.msg_cache, h, &qinfo, 0))) { + h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); + if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { /* answer from cache - we have acquired a readlock on it */ if(answer_from_cache(worker, &qinfo, + cinfo, &need_drop, &alias_rrset, &partial_rep, (struct reply_info*)e->data, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), repinfo, &edns)) { - /* prefetch it if the prefetch TTL expired */ + /* prefetch it if the prefetch TTL expired. + * Note that if there is more than one pass + * its qname must be that used for cache + * lookup. */ if((worker->env.cfg->prefetch || worker->env.cfg->serve_expired) && *worker->env.now >= ((struct reply_info*)e->data)->prefetch_ttl) { @@ -1055,16 +1334,38 @@ worker_handle_request(struct comm_point* c, void* arg, int error, < *worker->env.now) leeway = 0; lock_rw_unlock(&e->lock); - reply_and_prefetch(worker, &qinfo, + reply_and_prefetch(worker, lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2), repinfo, leeway); - rc = 0; + if(!partial_rep) { + rc = 0; + regional_free_all(worker->scratchpad); + goto send_reply_rc; + } + } else if(!partial_rep) { + lock_rw_unlock(&e->lock); regional_free_all(worker->scratchpad); - goto send_reply_rc; + goto send_reply; } + /* We've found a partial reply ending with an + * alias. Replace the lookup qinfo for the + * alias target and lookup the cache again to + * (possibly) complete the reply. As we're + * passing the "base" reply, there will be no + * more alias chasing. */ lock_rw_unlock(&e->lock); - regional_free_all(worker->scratchpad); - goto send_reply; + memset(&qinfo_tmp, 0, sizeof(qinfo_tmp)); + get_cname_target(alias_rrset, &qinfo_tmp.qname, + &qinfo_tmp.qname_len); + if(!qinfo_tmp.qname) { + log_err("unexpected: invalid answer alias"); + regional_free_all(worker->scratchpad); + return 0; /* drop query */ + } + qinfo_tmp.qtype = qinfo.qtype; + qinfo_tmp.qclass = qinfo.qclass; + lookup_qinfo = &qinfo_tmp; + goto lookup_cache; } verbose(VERB_ALGO, "answer from the cache failed"); lock_rw_unlock(&e->lock); @@ -1093,7 +1394,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, } /* grab a work request structure for this new request */ - mesh_new_client(worker->env.mesh, &qinfo, + mesh_new_client(worker->env.mesh, &qinfo, cinfo, sldns_buffer_read_u16_at(c->buffer, 2), &edns, repinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer)); regional_free_all(worker->scratchpad); @@ -1103,6 +1404,10 @@ worker_handle_request(struct comm_point* c, void* arg, int error, send_reply: rc = 1; send_reply_rc: + if(need_drop) { + comm_point_drop_reply(repinfo); + return 0; + } #ifdef USE_DNSTAP if(worker->dtenv.log_client_response_messages) dt_msg_send_client_response(&worker->dtenv, &repinfo->addr, @@ -1114,6 +1419,11 @@ send_reply_rc: log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, tv, 1, c->buffer); } +#ifdef USE_DNSCRYPT + if(!dnsc_handle_uncurved_request(repinfo)) { + return 0; + } +#endif return rc; } @@ -1169,6 +1479,10 @@ void worker_stat_timer_cb(void* arg) server_stats_log(&worker->stats, worker, worker->thread_num); mesh_stats(worker->env.mesh, "mesh has"); worker_mem_report(worker, NULL); + /* SHM is enabled, process data to SHM */ + if (worker->daemon->cfg->shm_enable) { + shm_main_run(worker); + } if(!worker->daemon->cfg->stat_cumulative) { worker_stats_clear(worker); } diff --git a/dns64/dns64.c b/dns64/dns64.c index befec864d6ab..b3e3ab852bca 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -411,31 +411,6 @@ handle_ipv6_ptr(struct module_qstate* qstate, int id) return module_wait_subquery; } -/** allocate (special) rrset keys, return 0 on error */ -static int -repinfo_alloc_rrset_keys(struct reply_info* rep, - struct regional* region) -{ - size_t i; - for(i=0; i<rep->rrset_count; i++) { - if(region) { - rep->rrsets[i] = (struct ub_packed_rrset_key*) - regional_alloc(region, - sizeof(struct ub_packed_rrset_key)); - if(rep->rrsets[i]) { - memset(rep->rrsets[i], 0, - sizeof(struct ub_packed_rrset_key)); - rep->rrsets[i]->entry.key = rep->rrsets[i]; - } - } - else return 0;/* rep->rrsets[i] = alloc_special_obtain(alloc);*/ - if(!rep->rrsets[i]) - return 0; - rep->rrsets[i]->entry.data = NULL; - } - return 1; -} - static enum module_ext_state generate_type_A_query(struct module_qstate* qstate, int id) { @@ -707,7 +682,7 @@ dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate return; /* allocate ub_key structures special or not */ - if(!repinfo_alloc_rrset_keys(cp, super->region)) { + if(!reply_info_alloc_rrset_keys(cp, NULL, super->region)) { return; } diff --git a/dnscrypt/cert.h b/dnscrypt/cert.h new file mode 100644 index 000000000000..044f49f2642c --- /dev/null +++ b/dnscrypt/cert.h @@ -0,0 +1,32 @@ +#ifndef UNBOUND_DNSCRYPT_CERT_H +#define UNBOUND_DNSCRYPT_CERT_H + +/** + * \file + * certificate type for dnscrypt for use in other header files + */ + +#include <sodium.h> +#define CERT_MAGIC_CERT "DNSC" +#define CERT_MAJOR_VERSION 1 +#define CERT_MINOR_VERSION 0 +#define CERT_OLD_MAGIC_HEADER "7PYqwfzt" + +#define CERT_FILE_EXPIRE_DAYS 365 + +struct SignedCert { + uint8_t magic_cert[4]; + uint8_t version_major[2]; + uint8_t version_minor[2]; + + // Signed Content + uint8_t server_publickey[crypto_box_PUBLICKEYBYTES]; + uint8_t magic_query[8]; + uint8_t serial[4]; + uint8_t ts_begin[4]; + uint8_t ts_end[4]; + uint8_t end[64]; +}; + + +#endif diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c new file mode 100644 index 000000000000..56903e6513f3 --- /dev/null +++ b/dnscrypt/dnscrypt.c @@ -0,0 +1,531 @@ + +#include "config.h" +#include <stdlib.h> +#include <fcntl.h> +#ifdef HAVE_TIME_H +#include <time.h> +#endif +#include <sys/time.h> +#include <sys/types.h> +#include "sldns/sbuffer.h" +#include "util/config_file.h" +#include "util/net_help.h" +#include "util/netevent.h" +#include "util/log.h" + +#include "dnscrypt/cert.h" +#include "dnscrypt/dnscrypt.h" + +#include <ctype.h> + +/** + * \file + * dnscrypt functions for encrypting DNS packets. + */ + +#define DNSCRYPT_QUERY_BOX_OFFSET \ + (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_PUBLICKEYBYTES + crypto_box_HALF_NONCEBYTES) + +// 8 bytes: magic header (CERT_MAGIC_HEADER) +// 12 bytes: the client's nonce +// 12 bytes: server nonce extension +// 16 bytes: Poly1305 MAC (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) + +#define DNSCRYPT_REPLY_BOX_OFFSET \ + (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES + crypto_box_HALF_NONCEBYTES) + +/** + * Decrypt a query using the keypair that was found using dnsc_find_keypair. + * The client nonce will be extracted from the encrypted query and stored in + * client_nonce, a shared secret will be computed and stored in nmkey and the + * buffer will be decrypted inplace. + * \param[in] keypair the keypair that matches this encrypted query. + * \param[in] client_nonce where the client nonce will be stored. + * \param[in] nmkey where the shared secret key will be written. + * \param[in] buffer the encrypted buffer. + * \return 0 on success. + */ +static int +dnscrypt_server_uncurve(const KeyPair *keypair, + uint8_t client_nonce[crypto_box_HALF_NONCEBYTES], + uint8_t nmkey[crypto_box_BEFORENMBYTES], + struct sldns_buffer* buffer) +{ + size_t len = sldns_buffer_limit(buffer); + uint8_t *const buf = sldns_buffer_begin(buffer); + uint8_t nonce[crypto_box_NONCEBYTES]; + struct dnscrypt_query_header *query_header; + + if (len <= DNSCRYPT_QUERY_HEADER_SIZE) { + return -1; + } + + query_header = (struct dnscrypt_query_header *)buf; + memcpy(nmkey, query_header->publickey, crypto_box_PUBLICKEYBYTES); + if (crypto_box_beforenm(nmkey, nmkey, keypair->crypt_secretkey) != 0) { + return -1; + } + + memcpy(nonce, query_header->nonce, crypto_box_HALF_NONCEBYTES); + memset(nonce + crypto_box_HALF_NONCEBYTES, 0, crypto_box_HALF_NONCEBYTES); + + sldns_buffer_set_at(buffer, + DNSCRYPT_QUERY_BOX_OFFSET - crypto_box_BOXZEROBYTES, + 0, crypto_box_BOXZEROBYTES); + + if (crypto_box_open_afternm + (buf + DNSCRYPT_QUERY_BOX_OFFSET - crypto_box_BOXZEROBYTES, + buf + DNSCRYPT_QUERY_BOX_OFFSET - crypto_box_BOXZEROBYTES, + len - DNSCRYPT_QUERY_BOX_OFFSET + crypto_box_BOXZEROBYTES, nonce, + nmkey) != 0) { + return -1; + } + + while (*sldns_buffer_at(buffer, --len) == 0) + ; + + if (*sldns_buffer_at(buffer, len) != 0x80) { + return -1; + } + + memcpy(client_nonce, nonce, crypto_box_HALF_NONCEBYTES); + memmove(sldns_buffer_begin(buffer), + sldns_buffer_at(buffer, DNSCRYPT_QUERY_HEADER_SIZE), + len - DNSCRYPT_QUERY_HEADER_SIZE); + + sldns_buffer_set_position(buffer, 0); + sldns_buffer_set_limit(buffer, len - DNSCRYPT_QUERY_HEADER_SIZE); + + return 0; +} + + +/** + * Add random padding to a buffer, according to a client nonce. + * The length has to depend on the query in order to avoid reply attacks. + * + * @param buf a buffer + * @param len the initial size of the buffer + * @param max_len the maximum size + * @param nonce a nonce, made of the client nonce repeated twice + * @param secretkey + * @return the new size, after padding + */ +size_t +dnscrypt_pad(uint8_t *buf, const size_t len, const size_t max_len, + const uint8_t *nonce, const uint8_t *secretkey) +{ + uint8_t *buf_padding_area = buf + len; + size_t padded_len; + uint32_t rnd; + + // no padding + if (max_len < len + DNSCRYPT_MIN_PAD_LEN) + return len; + + assert(nonce[crypto_box_HALF_NONCEBYTES] == nonce[0]); + + crypto_stream((unsigned char *)&rnd, (unsigned long long)sizeof(rnd), nonce, + secretkey); + padded_len = + len + DNSCRYPT_MIN_PAD_LEN + rnd % (max_len - len - + DNSCRYPT_MIN_PAD_LEN + 1); + padded_len += DNSCRYPT_BLOCK_SIZE - padded_len % DNSCRYPT_BLOCK_SIZE; + if (padded_len > max_len) + padded_len = max_len; + + memset(buf_padding_area, 0, padded_len - len); + *buf_padding_area = 0x80; + + return padded_len; +} + +uint64_t +dnscrypt_hrtime(void) +{ + struct timeval tv; + uint64_t ts = (uint64_t)0U; + int ret; + + ret = gettimeofday(&tv, NULL); + if (ret == 0) { + ts = (uint64_t)tv.tv_sec * 1000000U + (uint64_t)tv.tv_usec; + } else { + log_err("gettimeofday: %s", strerror(errno)); + } + return ts; +} + +/** + * Add the server nonce part to once. + * The nonce is made half of client nonce and the seconf half of the server + * nonce, both of them of size crypto_box_HALF_NONCEBYTES. + * \param[in] nonce: a uint8_t* of size crypto_box_NONCEBYTES + */ +static void +add_server_nonce(uint8_t *nonce) +{ + uint64_t ts; + uint64_t tsn; + uint32_t suffix; + ts = dnscrypt_hrtime(); + // TODO? dnscrypt-wrapper does some logic with context->nonce_ts_last + // unclear if we really need it, so skipping it for now. + tsn = (ts << 10) | (randombytes_random() & 0x3ff); +#if (BYTE_ORDER == LITTLE_ENDIAN) + tsn = + (((uint64_t)htonl((uint32_t)tsn)) << 32) | htonl((uint32_t)(tsn >> 32)); +#endif + memcpy(nonce + crypto_box_HALF_NONCEBYTES, &tsn, 8); + suffix = randombytes_random(); + memcpy(nonce + crypto_box_HALF_NONCEBYTES + 8, &suffix, 4); +} + +/** + * Encrypt a reply using the keypair that was used with the query. + * The client nonce will be extracted from the encrypted query and stored in + * The buffer will be encrypted inplace. + * \param[in] keypair the keypair that matches this encrypted query. + * \param[in] client_nonce client nonce used during the query + * \param[in] nmkey shared secret key used during the query. + * \param[in] buffer the buffer where to encrypt the reply. + * \param[in] udp if whether or not it is a UDP query. + * \param[in] max_udp_size configured max udp size. + * \return 0 on success. + */ +static int +dnscrypt_server_curve(const KeyPair *keypair, + uint8_t client_nonce[crypto_box_HALF_NONCEBYTES], + uint8_t nmkey[crypto_box_BEFORENMBYTES], + struct sldns_buffer* buffer, + uint8_t udp, + size_t max_udp_size) +{ + size_t dns_reply_len = sldns_buffer_limit(buffer); + size_t max_len = dns_reply_len + DNSCRYPT_MAX_PADDING + DNSCRYPT_REPLY_HEADER_SIZE; + size_t max_reply_size = max_udp_size - 20U - 8U; + uint8_t nonce[crypto_box_NONCEBYTES]; + uint8_t *boxed; + uint8_t *const buf = sldns_buffer_begin(buffer); + size_t len = sldns_buffer_limit(buffer); + + if(udp){ + if (max_len > max_reply_size) + max_len = max_reply_size; + } + + + memcpy(nonce, client_nonce, crypto_box_HALF_NONCEBYTES); + memcpy(nonce + crypto_box_HALF_NONCEBYTES, client_nonce, + crypto_box_HALF_NONCEBYTES); + + boxed = buf + DNSCRYPT_REPLY_BOX_OFFSET; + memmove(boxed + crypto_box_MACBYTES, buf, len); + len = dnscrypt_pad(boxed + crypto_box_MACBYTES, len, + max_len - DNSCRYPT_REPLY_HEADER_SIZE, nonce, + keypair->crypt_secretkey); + sldns_buffer_set_at(buffer, + DNSCRYPT_REPLY_BOX_OFFSET - crypto_box_BOXZEROBYTES, + 0, crypto_box_ZEROBYTES); + + // add server nonce extension + add_server_nonce(nonce); + + if (crypto_box_afternm + (boxed - crypto_box_BOXZEROBYTES, boxed - crypto_box_BOXZEROBYTES, + len + crypto_box_ZEROBYTES, nonce, nmkey) != 0) { + return -1; + } + + sldns_buffer_write_at(buffer, 0, DNSCRYPT_MAGIC_RESPONSE, DNSCRYPT_MAGIC_HEADER_LEN); + sldns_buffer_write_at(buffer, DNSCRYPT_MAGIC_HEADER_LEN, nonce, crypto_box_NONCEBYTES); + sldns_buffer_set_limit(buffer, len + DNSCRYPT_REPLY_HEADER_SIZE); + return 0; +} + +/** + * Read the content of fname into buf. + * \param[in] fname name of the file to read. + * \param[in] buf the buffer in which to read the content of the file. + * \param[in] count number of bytes to read. + * \return 0 on success. + */ +static int +dnsc_read_from_file(char *fname, char *buf, size_t count) +{ + int fd; + fd = open(fname, O_RDONLY); + if (fd == -1) { + return -1; + } + if (read(fd, buf, count) != (ssize_t)count) { + close(fd); + return -2; + } + close(fd); + return 0; +} + +/** + * Parse certificates files provided by the configuration and load them into + * dnsc_env. + * \param[in] env the dnsc_env structure to load the certs into. + * \param[in] cfg the configuration. + * \return the number of certificates loaded. + */ +static int +dnsc_parse_certs(struct dnsc_env *env, struct config_file *cfg) +{ + struct config_strlist *head; + size_t signed_cert_id; + + env->signed_certs_count = 0U; + for (head = cfg->dnscrypt_provider_cert; head; head = head->next) { + env->signed_certs_count++; + } + env->signed_certs = sodium_allocarray(env->signed_certs_count, + sizeof *env->signed_certs); + + signed_cert_id = 0U; + for(head = cfg->dnscrypt_provider_cert; head; head = head->next, signed_cert_id++) { + if(dnsc_read_from_file( + head->str, + (char *)(env->signed_certs + signed_cert_id), + sizeof(struct SignedCert)) != 0) { + fatal_exit("dnsc_parse_certs: failed to load %s: %s", head->str, strerror(errno)); + } + verbose(VERB_OPS, "Loaded cert %s", head->str); + } + return signed_cert_id; +} + +/** + * Helper function to convert a binary key into a printable fingerprint. + * \param[in] fingerprint the buffer in which to write the printable key. + * \param[in] key the key to convert. + */ +void +dnsc_key_to_fingerprint(char fingerprint[80U], const uint8_t * const key) +{ + const size_t fingerprint_size = 80U; + size_t fingerprint_pos = (size_t) 0U; + size_t key_pos = (size_t) 0U; + + for (;;) { + assert(fingerprint_size > fingerprint_pos); + snprintf(&fingerprint[fingerprint_pos], + fingerprint_size - fingerprint_pos, "%02X%02X", + key[key_pos], key[key_pos + 1U]); + key_pos += 2U; + if (key_pos >= crypto_box_PUBLICKEYBYTES) { + break; + } + fingerprint[fingerprint_pos + 4U] = ':'; + fingerprint_pos += 5U; + } +} + +/** + * Find the keypair matching a DNSCrypt query. + * \param[in] dnscenv The DNSCrypt enviroment, which contains the list of keys + * supported by the server. + * \param[in] buffer The encrypted DNS query. + * \return a KeyPair * if we found a key pair matching the query, NULL otherwise. + */ +static const KeyPair * +dnsc_find_keypair(struct dnsc_env* dnscenv, struct sldns_buffer* buffer) +{ + const KeyPair *keypairs = dnscenv->keypairs; + struct dnscrypt_query_header *dnscrypt_header; + size_t i; + + if (sldns_buffer_limit(buffer) < DNSCRYPT_QUERY_HEADER_SIZE) { + return NULL; + } + dnscrypt_header = (struct dnscrypt_query_header *)sldns_buffer_begin(buffer); + for (i = 0U; i < dnscenv->keypairs_count; i++) { + if (memcmp(keypairs[i].crypt_publickey, dnscrypt_header->magic_query, + DNSCRYPT_MAGIC_HEADER_LEN) == 0) { + return &keypairs[i]; + } + } + return NULL; +} + +/** + * Insert local-zone and local-data into configuration. + * In order to be able to serve certs over TXT, we can reuse the local-zone and + * local-data config option. The zone and qname are infered from the + * provider_name and the content of the TXT record from the certificate content. + * returns the number of certtificate TXT record that were loaded. + * < 0 in case of error. + */ +static int +dnsc_load_local_data(struct dnsc_env* dnscenv, struct config_file *cfg) +{ + size_t i, j; + // Insert 'local-zone: "2.dnscrypt-cert.example.com" deny' + if(!cfg_str2list_insert(&cfg->local_zones, + strdup(dnscenv->provider_name), + strdup("deny"))) { + log_err("Could not load dnscrypt local-zone: %s deny", + dnscenv->provider_name); + return -1; + } + + // Add local data entry of type: + // 2.dnscrypt-cert.example.com 86400 IN TXT "DNSC......" + for(i=0; i<dnscenv->signed_certs_count; i++) { + const char *ttl_class_type = " 86400 IN TXT \""; + struct SignedCert *cert = dnscenv->signed_certs + i; + uint16_t rrlen = strlen(dnscenv->provider_name) + + strlen(ttl_class_type) + + 4 * sizeof(struct SignedCert) + // worst case scenario + 1 + // trailing double quote + 1; + char *rr = malloc(rrlen); + if(!rr) { + log_err("Could not allocate memory"); + return -2; + } + snprintf(rr, rrlen - 1, "%s 86400 IN TXT \"", dnscenv->provider_name); + for(j=0; j<sizeof(struct SignedCert); j++) { + int c = (int)*((const uint8_t *) cert + j); + if (isprint(c) && c != '"' && c != '\\') { + snprintf(rr + strlen(rr), rrlen - 1 - strlen(rr), "%c", c); + } else { + snprintf(rr + strlen(rr), rrlen - 1 - strlen(rr), "\\%03d", c); + } + } + snprintf(rr + strlen(rr), rrlen - 1 - strlen(rr), "\""); + cfg_strlist_insert(&cfg->local_data, strdup(rr)); + free(rr); + } + return dnscenv->signed_certs_count; +} + +/** + * Parse the secret key files from `dnscrypt-secret-key` config and populates + * a list of secret/public keys supported by dnscrypt listener. + * \param[in] env The dnsc_env structure which will hold the keypairs. + * \param[in] cfg The config with the secret key file paths. + */ +static int +dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg) +{ + struct config_strlist *head; + size_t keypair_id; + + env->keypairs_count = 0U; + for (head = cfg->dnscrypt_secret_key; head; head = head->next) { + env->keypairs_count++; + } + env->keypairs = sodium_allocarray(env->keypairs_count, + sizeof *env->keypairs); + + keypair_id = 0U; + for(head = cfg->dnscrypt_secret_key; head; head = head->next, keypair_id++) { + char fingerprint[80]; + if(dnsc_read_from_file( + head->str, + (char *)(env->keypairs[keypair_id].crypt_secretkey), + crypto_box_SECRETKEYBYTES) != 0) { + fatal_exit("dnsc_parse_keys: failed to load %s: %s", head->str, strerror(errno)); + } + verbose(VERB_OPS, "Loaded key %s", head->str); + if (crypto_scalarmult_base(env->keypairs[keypair_id].crypt_publickey, + env->keypairs[keypair_id].crypt_secretkey) != 0) { + fatal_exit("dnsc_parse_keys: could not generate public key from %s", head->str); + } + dnsc_key_to_fingerprint(fingerprint, env->keypairs[keypair_id].crypt_publickey); + verbose(VERB_OPS, "Crypt public key fingerprint for %s: %s", head->str, fingerprint); + } + return keypair_id; +} + + +/** + * ######################################################### + * ############# Publicly accessible functions ############# + * ######################################################### + */ + +int +dnsc_handle_curved_request(struct dnsc_env* dnscenv, + struct comm_reply* repinfo) +{ + struct comm_point* c = repinfo->c; + + repinfo->is_dnscrypted = 0; + if( !c->dnscrypt ) { + return 1; + } + // Attempt to decrypt the query. If it is not crypted, we may still need + // to serve the certificate. + verbose(VERB_ALGO, "handle request called on DNSCrypt socket"); + if ((repinfo->keypair = dnsc_find_keypair(dnscenv, c->buffer)) != NULL) { + if(dnscrypt_server_uncurve(repinfo->keypair, + repinfo->client_nonce, + repinfo->nmkey, + c->buffer) != 0){ + verbose(VERB_ALGO, "dnscrypt: Failed to uncurve"); + comm_point_drop_reply(repinfo); + return 0; + } + repinfo->is_dnscrypted = 1; + sldns_buffer_rewind(c->buffer); + } + return 1; +} + +int +dnsc_handle_uncurved_request(struct comm_reply *repinfo) +{ + if(!repinfo->c->dnscrypt) { + return 1; + } + sldns_buffer_copy(repinfo->c->dnscrypt_buffer, repinfo->c->buffer); + if(!repinfo->is_dnscrypted) { + return 1; + } + if(dnscrypt_server_curve(repinfo->keypair, + repinfo->client_nonce, + repinfo->nmkey, + repinfo->c->dnscrypt_buffer, + repinfo->c->type == comm_udp, + repinfo->max_udp_size) != 0){ + verbose(VERB_ALGO, "dnscrypt: Failed to curve cached missed answer"); + comm_point_drop_reply(repinfo); + return 0; + } + return 1; +} + +struct dnsc_env * +dnsc_create(void) +{ + struct dnsc_env *env; + if (sodium_init() == -1) { + fatal_exit("dnsc_create: could not initialize libsodium."); + } + env = (struct dnsc_env *) calloc(1, sizeof(struct dnsc_env)); + return env; +} + +int +dnsc_apply_cfg(struct dnsc_env *env, struct config_file *cfg) +{ + if(dnsc_parse_certs(env, cfg) <= 0) { + fatal_exit("dnsc_apply_cfg: no cert file loaded"); + } + if(dnsc_parse_keys(env, cfg) <= 0) { + fatal_exit("dnsc_apply_cfg: no key file loaded"); + } + randombytes_buf(env->hash_key, sizeof env->hash_key); + env->provider_name = cfg->dnscrypt_provider; + + if(dnsc_load_local_data(env, cfg) <= 0) { + fatal_exit("dnsc_apply_cfg: could not load local data"); + } + return 0; +} diff --git a/dnscrypt/dnscrypt.h b/dnscrypt/dnscrypt.h new file mode 100644 index 000000000000..dac611b056f8 --- /dev/null +++ b/dnscrypt/dnscrypt.h @@ -0,0 +1,102 @@ +#ifndef UNBOUND_DNSCRYPT_H +#define UNBOUND_DNSCRYPT_H + +/** + * \file + * dnscrypt functions for encrypting DNS packets. + */ + +#include "dnscrypt/dnscrypt_config.h" +#ifdef USE_DNSCRYPT + +#define DNSCRYPT_MAGIC_HEADER_LEN 8U +#define DNSCRYPT_MAGIC_RESPONSE "r6fnvWj8" + +#ifndef DNSCRYPT_MAX_PADDING +# define DNSCRYPT_MAX_PADDING 256U +#endif +#ifndef DNSCRYPT_BLOCK_SIZE +# define DNSCRYPT_BLOCK_SIZE 64U +#endif +#ifndef DNSCRYPT_MIN_PAD_LEN +# define DNSCRYPT_MIN_PAD_LEN 8U +#endif + +#define crypto_box_HALF_NONCEBYTES (crypto_box_NONCEBYTES / 2U) + +#include "config.h" +#include "dnscrypt/cert.h" + +#define DNSCRYPT_QUERY_HEADER_SIZE \ + (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_PUBLICKEYBYTES + crypto_box_HALF_NONCEBYTES + crypto_box_MACBYTES) +#define DNSCRYPT_RESPONSE_HEADER_SIZE \ + (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_NONCEBYTES + crypto_box_MACBYTES) + +#define DNSCRYPT_REPLY_HEADER_SIZE \ + (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES * 2 + crypto_box_MACBYTES) + +struct sldns_buffer; +struct config_file; +struct comm_reply; + +typedef struct KeyPair_ { + uint8_t crypt_publickey[crypto_box_PUBLICKEYBYTES]; + uint8_t crypt_secretkey[crypto_box_SECRETKEYBYTES]; +} KeyPair; + +struct dnsc_env { + struct SignedCert *signed_certs; + size_t signed_certs_count; + uint8_t provider_publickey[crypto_sign_ed25519_PUBLICKEYBYTES]; + uint8_t provider_secretkey[crypto_sign_ed25519_SECRETKEYBYTES]; + KeyPair *keypairs; + size_t keypairs_count; + uint64_t nonce_ts_last; + unsigned char hash_key[crypto_shorthash_KEYBYTES]; + char * provider_name; +}; + +struct dnscrypt_query_header { + uint8_t magic_query[DNSCRYPT_MAGIC_HEADER_LEN]; + uint8_t publickey[crypto_box_PUBLICKEYBYTES]; + uint8_t nonce[crypto_box_HALF_NONCEBYTES]; + uint8_t mac[crypto_box_MACBYTES]; +}; + +/** + * Initialize DNSCrypt enviroment. + * Initialize sodium library and allocate the dnsc_env structure. + * \return an uninitialized struct dnsc_env. + */ +struct dnsc_env * dnsc_create(void); + +/** + * Apply configuration. + * Read certificates and secret keys from configuration. Initialize hashkey and + * provider name as well as loading cert TXT records. + * In case of issue applying configuration, this function fatals. + * \param[in] env the struct dnsc_env to populate. + * \param[in] cfg the config_file struct with dnscrypt options. + * \return 0 on success. + */ +int dnsc_apply_cfg(struct dnsc_env *env, struct config_file *cfg); + +/** + * handle a crypted dnscrypt request. + * Determine wether or not a query is coming over the dnscrypt listener and + * attempt to uncurve it or detect if it is a certificate query. + * return 0 in case of failure. + */ +int dnsc_handle_curved_request(struct dnsc_env* dnscenv, + struct comm_reply* repinfo); +/** + * handle an unencrypted dnscrypt request. + * Determine wether or not a query is going over the dnscrypt channel and + * attempt to curve it unless it was not crypted like when it is a + * certificate query. + * \return 0 in case of failure. + */ + +int dnsc_handle_uncurved_request(struct comm_reply *repinfo); +#endif /* USE_DNSCRYPT */ +#endif diff --git a/dnscrypt/dnscrypt.m4 b/dnscrypt/dnscrypt.m4 new file mode 100644 index 000000000000..077d2822174f --- /dev/null +++ b/dnscrypt/dnscrypt.m4 @@ -0,0 +1,25 @@ +# dnscrypt.m4 + +# dnsc_DNSCRYPT([action-if-true], [action-if-false]) +# -------------------------------------------------------------------------- +# Check for required dnscrypt libraries and add dnscrypt configure args. +AC_DEFUN([dnsc_DNSCRYPT], +[ + AC_ARG_ENABLE([dnscrypt], + AS_HELP_STRING([--enable-dnscrypt], + [Enable dnscrypt support (requires libsodium)]), + [opt_dnscrypt=$enableval], [opt_dnscrypt=no]) + + if test "x$opt_dnscrypt" != "xno"; then + AC_ARG_WITH([libsodium], AC_HELP_STRING([--with-libsodium=path], + [Path where libsodium is installed, for dnscrypt]), [ + CFLAGS="$CFLAGS -I$withval/include" + LDFLAGS="$LDFLAGS -L$withval/lib" + ]) + AC_SEARCH_LIBS([sodium_init], [sodium], [], + AC_MSG_ERROR([The sodium library was not found. Please install sodium!])) + $1 + else + $2 + fi +]) diff --git a/dnscrypt/dnscrypt_config.h.in b/dnscrypt/dnscrypt_config.h.in new file mode 100644 index 000000000000..d9f38a88e510 --- /dev/null +++ b/dnscrypt/dnscrypt_config.h.in @@ -0,0 +1,17 @@ +#ifndef UNBOUND_DNSCRYPT_CONFIG_H +#define UNBOUND_DNSCRYPT_CONFIG_H + +/* + * Process this file (dnscrypt_config.h.in) with AC_CONFIG_FILES to generate + * dnscrypt_config.h. + * + * This file exists so that USE_DNSCRYPT can be used without including config.h. + */ + +#if @ENABLE_DNSCRYPT@ /* ENABLE_DNSCRYPT */ +# ifndef USE_DNSCRYPT +# define USE_DNSCRYPT 1 +# endif +#endif + +#endif /* UNBOUND_DNSCRYPT_CONFIG_H */ diff --git a/doc/CNAME-basedRedirectionDesignNotes.pdf b/doc/CNAME-basedRedirectionDesignNotes.pdf Binary files differindex 2be2273edb97..11cea0f0f7e4 100644 --- a/doc/CNAME-basedRedirectionDesignNotes.pdf +++ b/doc/CNAME-basedRedirectionDesignNotes.pdf diff --git a/doc/Changelog b/doc/Changelog index 31c9e4627521..2a90abe3e57b 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,187 @@ +13 April 2017: Wouter + - Fix #1250: inconsistent indentation in services/listen_dnsport.c. + - tag for 1.6.2rc1 + +12 April 2017: Wouter + - subnet mem value is available in shm, also when not enabled, + to make the struct easier to memmap by other applications, + independent of the configuration of unbound. + +12 April 2017: Ralph + - Fix #1247: unbound does not shorten source prefix length when + forwarding ECS. + - Properly check for allocation failure in local_data_find_tag_datas. + - Fix #1249: unbound doesn't return FORMERR to bogus ECS. + - Set SHM ECS memory usage to 0 when module not loaded. + +11 April 2017: Ralph + - Display ECS module memory usage. + +10 April 2017: Wouter + - harden-algo-downgrade: no also makes unbound more lenient about + digest algorithms in DS records. + +10 April 2017: Ralph + - Remove ECS option after REFUSED answer. + - Fix small memory leak in edns_opt_copy_alloc. + - Respip dereference after NULL check. + - Zero initialize addrtree allocation. + - Use correct identifier for SHM destroy. + +7 April 2017: George + - Fix pythonmod for cb changes. + - Some whitespace fixup. + +7 April 2017: Ralph + - Unlock view in respip unit test + +6 April 2017: Ralph + - Generalise inplace callback (de)registration + - (de)register inplace callbacks for module id + - No unbound-control set_option for ECS options + - Deprecated client-subnet-opcode config option + - Introduced client-subnet-always-forward config option + - Changed max-client-subnet-ipv6 default to 56 (as in RFC) + - Removed extern ECS config options + - module_restart_next now calls clear on all following modules + - Also create ECS module qstate on module_event_pass event + - remove malloc from inplace_cb_register + +6 April 2017: Wouter + - Small fixup for documentation. + - iana portlist update + - Fix respip for braces when locks arent used. + - Fix pythonmod for cb changes. + +4 April 2017: Wouter + - Fix #1244: document that use of chroot requires trust anchor file to + be under chroot. + - iana portlist update + +3 April 2017: Ralph + - Do not add current time twice to TTL before ECS cache store. + - Do not touch rrset cache after ECS cache message generation. + - Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode. + +3 April 2017: Wouter + - Fix #1217: Add metrics to unbound-control interface showing + crypted, cert request, plaintext and malformed queries (from + Manu Bretelle). + - iana portlist update + +27 March 2017: Wouter + - Remove (now unused) event2 include from dnscrypt code. + +24 March 2017: George + - Fix to prevent non-referal query from being cached as referal when the + no_cache_store flag was set. + +23 March 2017: Wouter + - Fix #1239: configure fails to find python distutils if python + prints warning. + +22 March 2017: Wouter + - Fix #1238: segmentation fault when adding through the remote + interface a per-view local zone to a view with no previous + (configured) local zones. + - Fix #1229: Systemd service sandboxing, options in wrong sections. + +21 March 2017: Ralph + - Merge EDNS Client subnet implementation from feature branch into main + branch, using new EDNS processing framework. + +21 March 2017: Wouter + - Fix doxygen for dnscrypt files. + +20 March 2017: Wouter + - #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then + enabled in the config file from Manu Bretelle. + - make depend, autoconf, remove warnings about statement before var. + - lru_demote and lruhash_insert_or_retrieve functions for getdns. + - fixup for lruhash (whitespace and header file comment). + - dnscrypt tests. + +17 March 2017: Wouter + - Patch for view functionality for local-data-ptr from Björn Ketelaars. + - Fix #1237 - Wrong resolving in chain, for norec queries that get + SERVFAIL returned. + +16 March 2017: Wouter + - Fix that SHM is not inited if not enabled. + - Add trustanchor.unbound CH TXT that gets a response with a number + of TXT RRs with a string like "example.com. 2345 1234" with + the trust anchors and their keytags. + - Fix that looped DNAMEs do not cause unbound to spend effort. + - trustanchor tags are sorted. reusable routine to fetch taglist. + +13 March 2017: Wouter + - testbound understands Deckard MATCH rcode question answer commands. + - Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead + of YXDOMAIN + query loop, reported by Petr Spacek. + +10 March 2017: Wouter + - Fix #1234: shortening DNAME loop produces duplicate DNAME records + in ANSWER section. + +9 March 2017: Wouter + - --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and + DS records. NSEC3 is not disabled. + - fake-sha1 test option; print warning if used. To make unit tests. + - unbound-control list local zone and data commands listed in the + help output. + +8 March 2017: Wouter + - make depend for build dependencies. + - swig version 2.0.1 required. + - fix enum conversion warnings + +7 March 2017: Wouter + - Fix #1230: swig version 2.0.0 is required for pythonmod, with + 1.3.40 it crashes when running repeatly unbound-control reload. + - Response actions based on IP address from Jinmei Tatuya (Infoblox). + +6 March 2017: Wouter + - Fix #1229: Systemd service sandboxing in contrib/unbound.service. + - iana portlist update + +28 February 2017: Ralph + - Fix testpkts.c, check if DO bit is set, not only if there is an OPT + record. + +28 February 2017: Wouter + - For #1227: if we have sha256, set the cipher list to have no + known vulns. + +27 February 2017: Wouter + - Fix #1227: Fix that Unbound control allows weak ciphersuits. + - Fix #1226: provide official 32bit binary for windows. + +24 February 2017: Wouter + - include sys/time.h for new shm code on NetBSD. + +23 February 2017: Wouter + - Fix doc/CNAME-basedRedirectionDesignNotes.pdf zone static to + redirect. + - Patch from Luiz Fernando Softov for Stats Shared Memory. + - unbound-control stats_shm command prints stats using shared memory, + which uses less cpu. + - make depend, autoconf, doxygen and lint fixed up. + +22 February 2017: Wouter + - Fix #1224: Fix that defaults should not fall back to "Program Files + (x86) if Unbound is 64bit by default on windows. + +21 February 2017: Wouter + - iana portlist update + +16 February 2017: Wouter + - sldns updated for vfixed and buffer resize indication from getdns. + +15 February 2017: Wouter + - sldns has ED25519 and ED448 algorithm number and name for display. + 14 February 2017: Wouter - - tag 1.6.1rc3. + - tag 1.6.1rc3. -- which became 1.6.1 on 21feb, trunk has 1.6.2 13 February 2017: Wouter - Fix autoconf of systemd check for lack of pkg-config. diff --git a/doc/IP-BasedActions.pdf b/doc/IP-BasedActions.pdf Binary files differnew file mode 100644 index 000000000000..07cec0fa6281 --- /dev/null +++ b/doc/IP-BasedActions.pdf diff --git a/doc/README b/doc/README index acffafacc7d5..8ee9bce56dca 100644 --- a/doc/README +++ b/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.6.1 +README for Unbound 1.6.2 Copyright 2007 NLnet Labs http://unbound.net diff --git a/doc/example.conf.in b/doc/example.conf.in index 83e7c5c4c4e9..5b185e0e97e8 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.6.1. +# See unbound.conf(5) man page, version 1.6.2. # # this is a comment. @@ -19,6 +19,14 @@ server: # Set to "" or 0 to disable. Default is disabled. # statistics-interval: 0 + # enable shm for stats, default no. if you enable also enable + # statistics-interval, every time it also writes stats to the + # shared memory segment keyed with shm-key. + # shm-enable: no + + # shm for stats uses this key, and key+1 for the shared mem segment. + # shm-key: 11777 + # enable cumulative statistics, without clearing them after printing. # statistics-cumulative: no @@ -308,6 +316,9 @@ server: # enable to not answer version.server and version.bind queries. # hide-version: no + + # enable to not answer trustanchor.unbound queries. + # hide-trustanchor: no # the identity to report. Leave "" or default to return hostname. # identity: "" @@ -771,7 +782,28 @@ remote-control: # name: "viewname" # local-zone: "example.com" redirect # local-data: "example.com A 192.0.2.3" +# local-data-ptr: "192.0.2.3 www.example.com" # view-first: no # view: # name: "anotherview" # local-zone: "example.com" refuse + +# DNSCrypt +# Caveats: +# 1. the keys/certs cannot be produced by unbound. You can use dnscrypt-wrapper +# for this: https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage +# 2. dnscrypt channel attaches to an interface. you MUST set interfaces to +# listen on `dnscrypt-port` with the follo0wing snippet: +# server: +# interface: 0.0.0.0@443 +# interface: ::0@443 +# +# Finally, `dnscrypt` config has its own section. +# dnscrypt: +# dnscrypt-enable: yes +# dnscrypt-port: 443 +# dnscrypt-provider: 2.dnscrypt-cert.example.com. +# dnscrypt-secret-key: /path/unbound-conf/keys1/1.key +# dnscrypt-secret-key: /path/unbound-conf/keys2/1.key +# dnscrypt-provider-cert: /path/unbound-conf/keys1/1.cert +# dnscrypt-provider-cert: /path/unbound-conf/keys2/1.cert diff --git a/doc/libunbound.3.in b/doc/libunbound.3.in index 5be1d9019f57..4fa7b19e3e38 100644 --- a/doc/libunbound.3.in +++ b/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1" +.TH "libunbound" "3" "Apr 24, 2017" "NLnet Labs" "unbound 1.6.2" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -43,7 +43,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.6.1 functions. +\- Unbound DNS validating resolver 1.6.2 functions. .SH "SYNOPSIS" .B #include <unbound.h> .LP diff --git a/doc/unbound-anchor.8.in b/doc/unbound-anchor.8.in index 06b0f5c89764..1d4f18126184 100644 --- a/doc/unbound-anchor.8.in +++ b/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1" +.TH "unbound-anchor" "8" "Apr 24, 2017" "NLnet Labs" "unbound 1.6.2" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/doc/unbound-checkconf.8.in b/doc/unbound-checkconf.8.in index ea1cf4eb89cf..e569cd73e899 100644 --- a/doc/unbound-checkconf.8.in +++ b/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1" +.TH "unbound-checkconf" "8" "Apr 24, 2017" "NLnet Labs" "unbound 1.6.2" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index af574d249f7b..14c0ec3b4fcd 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1" +.TH "unbound-control" "8" "Apr 24, 2017" "NLnet Labs" "unbound 1.6.2" .\" .\" unbound-control.8 -- unbound remote control manual .\" diff --git a/doc/unbound-host.1.in b/doc/unbound-host.1.in index eba19e07eb21..95f79d95c83d 100644 --- a/doc/unbound-host.1.in +++ b/doc/unbound-host.1.in @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1" +.TH "unbound\-host" "1" "Apr 24, 2017" "NLnet Labs" "unbound 1.6.2" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/doc/unbound.8.in b/doc/unbound.8.in index 52cd85341e8d..14f819ea8fd8 100644 --- a/doc/unbound.8.in +++ b/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1" +.TH "unbound" "8" "Apr 24, 2017" "NLnet Labs" "unbound 1.6.2" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.6.1. +\- Unbound DNS validating resolver 1.6.2. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 45248ac58c4f..75ecc77ed587 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1" +.TH "unbound.conf" "5" "Apr 24, 2017" "NLnet Labs" "unbound 1.6.2" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -596,6 +596,9 @@ If enabled version.server and version.bind queries are refused. Set the version to report. If set to "", the default, then the package version is returned. .TP +.B hide\-trustanchor: \fI<yes or no> +If enabled trustanchor.unbound queries are refused. +.TP .B target\-fetch\-policy: \fI<"list of numbers"> Set the target fetch policy used by unbound to determine if it should fetch nameserver target addresses opportunistically. The policy is described per @@ -782,7 +785,8 @@ frequently. The initial file can be one with contents as described in \fBtrust\-anchor\-file\fR. The file is written to when the anchor is updated, so the unbound user must have write permission. Write permission to the file, but also to the directory it is in (to create a temporary file, which is -necessary to deal with filesystem full events). +necessary to deal with filesystem full events), it must also be inside the +chroot (if that is used). .TP .B trust\-anchor: \fI<"Resource Record"> A DS or DNSKEY RR for a key to use for validation. Multiple entries can be @@ -1403,6 +1407,10 @@ global local\-zone elements. View specific local\-data elements. Has the same behaviour as the global local\-data elements. .TP +.B local\-data\-ptr: \fI"IPaddr name" +View specific local\-data\-ptr elements. Has the same behaviour as the global +local\-data\-ptr elements. +.TP .B view\-first: \fI<yes or no> If enabled, it attempts to use the global local\-zone and local\-data if there is no match in the view specific options. @@ -1438,6 +1446,79 @@ It must be /96 or shorter. The default prefix is 64:ff9b::/96. .B dns64\-synthall: \fI<yes or no>\fR Debug option, default no. If enabled, synthesize all AAAA records despite the presence of actual AAAA records. +.SS "DNSCrypt Options" +.LP +The +.B dnscrypt: +clause give the settings of the dnscrypt channel. While those options are +available, they are only meaningful if unbound was compiled with +\fB\-\-enable\-dnscrypt\fR. +Currently certificate and secret/public keys cannot be generated by unbound. +You can use dnscrypt-wrapper to generate those: https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage +.TP +.B dnscrypt\-enable: \fI<yes or no>\fR +Whether or not the \fBdnscrypt\fR config should be enabled. You may define +configuration but not activate it. +The default is no. +.TP +.B dnscrypt\-port: \fI<port number> +On which port should \fBdnscrypt\fR should be activated. Note that you should +have a matching \fBinterface\fR option defined in the \fBserver\fR section for +this port. +.TP +.B dnscrypt\-provider: \fI<provider name>\fR +The provider name to use to distribute certificates. This is of the form: +\fB2.dnscrypt-cert.example.com.\fR. The name \fIMUST\fR end with a dot. +.TP +.B dnscrypt\-secret\-key: \fI<path to secret key file>\fR +Path to the time limited secret key file. This option may be specified multiple +times. +.TP +.B dnscrypt\-provider\-cert: \fI<path to cert file>\fR +Path to the certificate related to the \fBdnscrypt\-secret\-key\fRs. This option +may be specified multiple times. +.SS "EDNS Client Subnet Module Options" +.LP +The ECS module must be configured in the \fBmodule\-config:\fR "subnetcache +validator iterator" directive and be compiled into the daemon to be +enabled. These settings go in the \fBserver:\fR section. +.LP +If the destination address is whitelisted with Unbound will add the EDNS0 option +to the query containing the relevant part of the client's address. When an +answer contains the ECS option the response and the option are placed in a +specialized cache. If the authority indicated no support, the response is stored +in the regular cache. +.LP +Additionally, when a client includes the option in its queries, Unbound will +forward the option to the authority regardless of the authorities presence in +the whitelist. In this case the lookup in the regular cache is skipped. +.LP +The maximum size of the ECS cache is controlled by 'msg-cache-size' in the +configuration file. On top of that, for each query only 100 different subnets +are allowed to be stored for each address family. Exceeding that number, older +entries will be purged from cache. +.TP +.B send\-client\-subnet: \fI<IP address>\fR +Send client source address to this authority. Append /num to indicate a +classless delegation netblock, for example like 10.2.3.4/24 or 2001::11/64. Can +be given multiple times. Authorities not listed will not receive edns-subnet +information. +.TP +.B client\-subnet\-always\-forward: \fI<yes or no>\fR +Specify whether the ECS whitelist check (configured using +\fBsend\-client\-subnet\fR) is applied for all queries, even if the triggering +query contains an ECS record, or only for queries for which the ECS record is +generated using the querier address (and therefore did not contain ECS data in +the client query). If enabled, the whitelist check is skipped when the client +query contains an ECS record. Default is no. +.TP +.B max\-client\-subnet\-ipv6: \fI<number>\fR +Specifies the maximum prefix length of the client source address we are willing +to expose to third parties for IPv6. Defaults to 56. +.TP +.B max\-client\-subnet\-ipv4: \fI<number>\fR +Specifies the maximum prefix length of the client source address we are willing +to expose to third parties for IPv4. Defaults to 24. .SH "MEMORY CONTROL EXAMPLE" In the example config settings below memory usage is reduced. Some service levels are lower, notable very large data and a high TCP load are no longer diff --git a/edns-subnet/addrtree.c b/edns-subnet/addrtree.c new file mode 100644 index 000000000000..69ace60549bf --- /dev/null +++ b/edns-subnet/addrtree.c @@ -0,0 +1,531 @@ +/* + * edns-subnet/addrtree.c -- radix tree for edns subnet cache. + * + * Copyright (c) 2013, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/** \file + * addrtree -- radix tree for edns subnet cache. + */ + +#include "config.h" +#include "util/log.h" +#include "util/data/msgreply.h" +#include "util/module.h" +#include "addrtree.h" + +/** + * Create a new edge + * @param node: Child node this edge will connect to. + * @param addr: full key to this edge. + * @param addrlen: length of relevant part of key for this node + * @param parent_node: Parent node for node + * @param parent_index: Index of child node at parent node + * @return new addredge or NULL on failure + */ +static struct addredge * +edge_create(struct addrnode *node, const addrkey_t *addr, + addrlen_t addrlen, struct addrnode *parent_node, int parent_index) +{ + size_t n; + struct addredge *edge = (struct addredge *)malloc( sizeof (*edge) ); + if (!edge) + return NULL; + edge->node = node; + edge->len = addrlen; + edge->parent_index = parent_index; + edge->parent_node = parent_node; + /* ceil() */ + n = (size_t)((addrlen / KEYWIDTH) + ((addrlen % KEYWIDTH != 0)?1:0)); + edge->str = (addrkey_t *)calloc(n, sizeof (addrkey_t)); + if (!edge->str) { + free(edge); + return NULL; + } + memcpy(edge->str, addr, n * sizeof (addrkey_t)); + /* Only manipulate other objects after successful alloc */ + node->parent_edge = edge; + log_assert(parent_node->edge[parent_index] == NULL); + parent_node->edge[parent_index] = edge; + return edge; +} + +/** + * Create a new node + * @param tree: Tree the node lives in. + * @param elem: Element to store at this node + * @param scope: Scopemask from server reply + * @param ttl: Element is valid up to this time. Absolute, seconds + * @return new addrnode or NULL on failure + */ +static struct addrnode * +node_create(struct addrtree *tree, void *elem, addrlen_t scope, + time_t ttl) +{ + struct addrnode* node = (struct addrnode *)malloc( sizeof (*node) ); + if (!node) + return NULL; + node->elem = elem; + tree->node_count++; + node->scope = scope; + node->ttl = ttl; + node->edge[0] = NULL; + node->edge[1] = NULL; + node->parent_edge = NULL; + node->next = NULL; + node->prev = NULL; + return node; +} + +/** Size in bytes of node and parent edge + * @param tree: tree the node lives in + * @param n: node which size must be calculated + * @return size in bytes. + **/ +static inline size_t +node_size(const struct addrtree *tree, const struct addrnode *n) +{ + return sizeof *n + sizeof *n->parent_edge + n->parent_edge->len + + (n->elem?tree->sizefunc(n->elem):0); +} + +struct addrtree * +addrtree_create(addrlen_t max_depth, void (*delfunc)(void *, void *), + size_t (*sizefunc)(void *), void *env, unsigned int max_node_count) +{ + struct addrtree *tree; + log_assert(delfunc != NULL); + log_assert(sizefunc != NULL); + tree = (struct addrtree *)calloc(1, sizeof(*tree)); + if (!tree) + return NULL; + tree->root = node_create(tree, NULL, 0, 0); + if (!tree->root) { + free(tree); + return NULL; + } + tree->size_bytes = sizeof *tree + sizeof *tree->root; + tree->first = NULL; + tree->last = NULL; + tree->max_depth = max_depth; + tree->delfunc = delfunc; + tree->sizefunc = sizefunc; + tree->env = env; + tree->node_count = 0; + tree->max_node_count = max_node_count; + return tree; +} + +/** + * Scrub a node clean of elem + * @param tree: tree the node lives in. + * @param node: node to be cleaned. + */ +static void +clean_node(struct addrtree *tree, struct addrnode *node) +{ + if (!node->elem) return; + tree->size_bytes -= tree->sizefunc(node->elem); + tree->delfunc(tree->env, node->elem); + node->elem = NULL; +} + +/** Remove specified node from LRU list */ +static void +lru_pop(struct addrtree *tree, struct addrnode *node) +{ + if (node == tree->first) { + if (!node->next) { /* it is the last as well */ + tree->first = NULL; + tree->last = NULL; + } else { + tree->first = node->next; + tree->first->prev = NULL; + } + } else if (node == tree->last) { /* but not the first */ + tree->last = node->prev; + tree->last->next = NULL; + } else { + node->prev->next = node->next; + node->next->prev = node->prev; + } +} + +/** Add node to LRU list as most recently used. */ +static void +lru_push(struct addrtree *tree, struct addrnode *node) +{ + if (!tree->first) { + tree->first = node; + node->prev = NULL; + } else { + tree->last->next = node; + node->prev = tree->last; + } + tree->last = node; + node->next = NULL; +} + +/** Move node to the end of LRU list */ +static void +lru_update(struct addrtree *tree, struct addrnode *node) +{ + if (tree->root == node) return; + lru_pop(tree, node); + lru_push(tree, node); +} + +/** + * Purge a node from the tree. Node and parentedge are cleaned and + * free'd. + * @param tree: Tree the node lives in. + * @param node: Node to be freed + */ +static void +purge_node(struct addrtree *tree, struct addrnode *node) +{ + struct addredge *parent_edge, *child_edge = NULL; + int index; + int keep = node->edge[0] && node->edge[1]; + + clean_node(tree, node); + parent_edge = node->parent_edge; + if (keep || !parent_edge) return; + tree->node_count--; + index = parent_edge->parent_index; + child_edge = node->edge[!node->edge[0]]; + if (child_edge) { + child_edge->parent_node = parent_edge->parent_node; + child_edge->parent_index = index; + } + parent_edge->parent_node->edge[index] = child_edge; + tree->size_bytes -= node_size(tree, node); + free(parent_edge->str); + free(parent_edge); + lru_pop(tree, node); + free(node); +} + +/** + * If a limit is set remove old nodes while above that limit. + * @param tree: Tree to be cleaned up. + */ +static void +lru_cleanup(struct addrtree *tree) +{ + struct addrnode *n, *p; + int children; + if (tree->max_node_count == 0) return; + while (tree->node_count > tree->max_node_count) { + n = tree->first; + if (!n) break; + children = (n->edge[0] != NULL) + (n->edge[1] != NULL); + /** Don't remove this node, it is either the root or we can't + * do without it because it has 2 children */ + if (children == 2 || !n->parent_edge) { + lru_update(tree, n); + continue; + } + p = n->parent_edge->parent_node; + purge_node(tree, n); + /** Since we removed n, n's parent p is eligible for deletion + * if it is not the root node, caries no data and has only 1 + * child */ + children = (p->edge[0] != NULL) + (p->edge[1] != NULL); + if (!p->elem && children == 1 && p->parent_edge) { + purge_node(tree, p); + } + } +} + +inline size_t +addrtree_size(const struct addrtree *tree) +{ + return tree?tree->size_bytes:0; +} + +void addrtree_delete(struct addrtree *tree) +{ + struct addrnode *n; + if (!tree) return; + clean_node(tree, tree->root); + free(tree->root); + tree->size_bytes -= sizeof(struct addrnode); + while ((n = tree->first)) { + tree->first = n->next; + clean_node(tree, n); + tree->size_bytes -= node_size(tree, n); + free(n->parent_edge->str); + free(n->parent_edge); + free(n); + } + log_assert(sizeof *tree == addrtree_size(tree)); + free(tree); +} + +/** + * Get N'th bit from address + * @param addr: address to inspect + * @param addrlen: length of addr in bits + * @param n: index of bit to test. Must be in range [0, addrlen) + * @return 0 or 1 + */ +static int +getbit(const addrkey_t *addr, addrlen_t addrlen, addrlen_t n) +{ + log_assert(addrlen > n); + return (int)(addr[n/KEYWIDTH]>>((KEYWIDTH-1)-(n%KEYWIDTH))) & 1; +} + +/** + * Test for equality on N'th bit. + * @return 0 for equal, 1 otherwise + */ +static inline int +cmpbit(const addrkey_t *key1, const addrkey_t *key2, addrlen_t n) +{ + addrkey_t c = key1[n/KEYWIDTH] ^ key2[n/KEYWIDTH]; + return (int)(c >> ((KEYWIDTH-1)-(n%KEYWIDTH))) & 1; +} + +/** + * Common number of bits in prefix. + * @param s1: first prefix. + * @param l1: length of s1 in bits. + * @param s2: second prefix. + * @param l2: length of s2 in bits. + * @param skip: nr of bits already checked. + * @return common number of bits. + */ +static addrlen_t +bits_common(const addrkey_t *s1, addrlen_t l1, + const addrkey_t *s2, addrlen_t l2, addrlen_t skip) +{ + addrlen_t len, i; + len = (l1 > l2) ? l2 : l1; + log_assert(skip < len); + for (i = skip; i < len; i++) { + if (cmpbit(s1, s2, i)) return i; + } + return len; +} + +/** + * Tests if s1 is a substring of s2 + * @param s1: first prefix. + * @param l1: length of s1 in bits. + * @param s2: second prefix. + * @param l2: length of s2 in bits. + * @param skip: nr of bits already checked. + * @return 1 for substring, 0 otherwise + */ +static int +issub(const addrkey_t *s1, addrlen_t l1, + const addrkey_t *s2, addrlen_t l2, addrlen_t skip) +{ + return bits_common(s1, l1, s2, l2, skip) == l1; +} + +void +addrtree_insert(struct addrtree *tree, const addrkey_t *addr, + addrlen_t sourcemask, addrlen_t scope, void *elem, time_t ttl, + time_t now) +{ + struct addrnode *newnode, *node; + struct addredge *edge; + int index; + addrlen_t common, depth; + + node = tree->root; + log_assert(node != NULL); + + /* Protect our cache against too much fine-grained data */ + if (tree->max_depth < scope) scope = tree->max_depth; + /* Server answer was less specific than question */ + if (scope < sourcemask) sourcemask = scope; + + depth = 0; + while (1) { + log_assert(depth <= sourcemask); + /* Case 1: update existing node */ + if (depth == sourcemask) { + /* update this node's scope and data */ + clean_node(tree, node); + node->ttl = ttl; + node->elem = elem; + node->scope = scope; + tree->size_bytes += tree->sizefunc(elem); + return; + } + index = getbit(addr, sourcemask, depth); + /* Get an edge to an unexpired node */ + edge = node->edge[index]; + while (edge) { + /* Purge all expired nodes on path */ + if (!edge->node->elem || edge->node->ttl >= now) + break; + purge_node(tree, edge->node); + edge = node->edge[index]; + } + /* Case 2: New leafnode */ + if (!edge) { + newnode = node_create(tree, elem, scope, ttl); + if (!newnode) return; + if (!edge_create(newnode, addr, sourcemask, node, + index)) { + clean_node(tree, newnode); + tree->node_count--; + free(newnode); + return; + } + tree->size_bytes += node_size(tree, newnode); + lru_push(tree, newnode); + lru_cleanup(tree); + return; + } + /* Case 3: Traverse edge */ + common = bits_common(edge->str, edge->len, addr, sourcemask, + depth); + if (common == edge->len) { + /* We update the scope of intermediate nodes. Apparently + * the * authority changed its mind. If we would not do + * this we might not be able to reach our new node. */ + node->scope = scope; + depth = edge->len; + node = edge->node; + continue; + } + /* Case 4: split. */ + if (!(newnode = node_create(tree, NULL, 0, 0))) + return; + node->edge[index] = NULL; + if (!edge_create(newnode, addr, common, node, index)) { + node->edge[index] = edge; + clean_node(tree, newnode); + tree->node_count--; + free(newnode); + return; + } + lru_push(tree, newnode); + /* connect existing child to our new node */ + index = getbit(edge->str, edge->len, common); + newnode->edge[index] = edge; + edge->parent_node = newnode; + edge->parent_index = (int)index; + + if (common == sourcemask) { + /* Data is stored in the node */ + newnode->elem = elem; + newnode->scope = scope; + newnode->ttl = ttl; + } + + tree->size_bytes += node_size(tree, newnode); + + if (common != sourcemask) { + /* Data is stored in other leafnode */ + node = newnode; + newnode = node_create(tree, elem, scope, ttl); + if (!edge_create(newnode, addr, sourcemask, node, + index^1)) { + clean_node(tree, newnode); + tree->node_count--; + free(newnode); + return; + } + tree->size_bytes += node_size(tree, newnode); + lru_push(tree, newnode); + } + lru_cleanup(tree); + return; + } +} + +struct addrnode * +addrtree_find(struct addrtree *tree, const addrkey_t *addr, + addrlen_t sourcemask, time_t now) +{ + struct addrnode *node = tree->root; + struct addredge *edge = NULL; + addrlen_t depth = 0; + + log_assert(node != NULL); + while (1) { + /* Current node more specific then question. */ + log_assert(depth <= sourcemask); + /* does this node have data? if yes, see if we have a match */ + if (node->elem && node->ttl >= now) { + /* saved at wrong depth */; + log_assert(node->scope >= depth) + if (depth == node->scope || + (node->scope > sourcemask && + depth == sourcemask)) { + /* Authority indicates it does not have a more + * precise answer or we cannot ask a more + * specific question. */ + lru_update(tree, node); + return node; + } + } + /* This is our final depth, but we haven't found an answer. */ + if (depth == sourcemask) + return NULL; + /* Find an edge to traverse */ + edge = node->edge[getbit(addr, sourcemask, depth)]; + if (!edge || !edge->node) + return NULL; + if (edge->len > sourcemask ) + return NULL; + if (!issub(edge->str, edge->len, addr, sourcemask, depth)) + return NULL; + log_assert(depth < edge->len); + depth = edge->len; + node = edge->node; + } +} + +/** Wrappers for static functions to unit test */ +int unittest_wrapper_addrtree_cmpbit(const addrkey_t *key1, + const addrkey_t *key2, addrlen_t n) { + return cmpbit(key1, key2, n); +} +addrlen_t unittest_wrapper_addrtree_bits_common(const addrkey_t *s1, + addrlen_t l1, const addrkey_t *s2, addrlen_t l2, addrlen_t skip) { + return bits_common(s1, l1, s2, l2, skip); +} +int unittest_wrapper_addrtree_getbit(const addrkey_t *addr, + addrlen_t addrlen, addrlen_t n) { + return getbit(addr, addrlen, n); +} +int unittest_wrapper_addrtree_issub(const addrkey_t *s1, addrlen_t l1, + const addrkey_t *s2, addrlen_t l2, addrlen_t skip) { + return issub(s1, l1, s2, l2, skip); +} diff --git a/edns-subnet/addrtree.h b/edns-subnet/addrtree.h new file mode 100644 index 000000000000..857e677f9001 --- /dev/null +++ b/edns-subnet/addrtree.h @@ -0,0 +1,187 @@ +/* + * edns-subnet/addrtree.h -- radix tree for edns subnet cache. + * + * Copyright (c) 2013, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * The addrtree is a radix tree designed for edns subnet. Most notable + * is the addition of 'scope' to a node. Scope is only relevant for + * nodes with elem set, it indicates the number of bits the authority + * desires. + * + * For retrieving data one needs an address and address length + * (sourcemask). While traversing the tree the first matching node is + * returned. A node matches when + * node.scope<=sourcemask && node.elem!=NULL + * (This is the most specific answer the authority has.) + * or + * node.sourcemask==sourcemask && node.elem!=NULL + * (This is the most specific question the client can ask.) + * + * Insertion needs an address, sourcemask and scope. The length of the + * address is capped by min(sourcemask, scope). While traversing the + * tree the scope of all visited nodes is updated. This ensures we are + * always able to find the most specific answer available. + */ + +#ifndef ADDRTREE_H +#define ADDRTREE_H + +typedef uint8_t addrlen_t; +typedef uint8_t addrkey_t; +#define KEYWIDTH 8 + +struct addrtree { + struct addrnode *root; + /** Number of elements in the tree (not always equal to number of + * nodes) */ + unsigned int node_count; + /** Maximum number of allowed nodes, will be enforced by LRU list. + * Excluding the root node, 0 for unlimited */ + unsigned int max_node_count; + /** Size of tree in bytes */ + size_t size_bytes; + /** Maximum prefix length we are willing to cache. */ + addrlen_t max_depth; + /** External function to delete elem. Called as + * delfunc(addrnode->elem, addrtree->env) */ + void (*delfunc)(void *, void *); + /** Environment for delfunc */ + void *env; + /** External function returning size of elem. Called as + * sizefunc(addrnode->elem) */ + size_t (*sizefunc)(void *); + /** first node in LRU list, first candidate to go */ + struct addrnode* first; + /** last node in LRU list, last candidate to go */ + struct addrnode *last; +}; + +struct addrnode { + /** Payload of node, may be NULL */ + void *elem; + /** Abs time in seconds in which elem is meaningful */ + time_t ttl; + /** Number of significant bits in address. */ + addrlen_t scope; + /** A node can have 0-2 edges, set to NULL for unused */ + struct addredge *edge[2]; + /** edge between this node and parent */ + struct addredge *parent_edge; + /** previous node in LRU list */ + struct addrnode *prev; + /** next node in LRU list */ + struct addrnode *next; +}; + +struct addredge { + /** address of connected node */ + addrkey_t *str; + /** lenght in bits of str */ + addrlen_t len; + /** child node this edge is connected to */ + struct addrnode *node; + /** Parent node this ege is connected to */ + struct addrnode *parent_node; + /** Index of this edge in parent_node */ + int parent_index; +}; + +/** + * Size of tree in bytes. + * @param tree: Tree. + * @return size of tree in bytes. + */ +size_t addrtree_size(const struct addrtree *tree); + +/** + * Create a new tree. + * @param max_depth: Tree will cap keys to this length. + * @param delfunc: f(element, env) delete element. + * @param sizefunc: f(element) returning the size of element. + * @param env: Module environment for alloc information. + * @param max_node_count: Maximum size of this data structure in nodes. + * 0 for unlimited. + * @return new addrtree or NULL on failure. + */ +struct addrtree * +addrtree_create(addrlen_t max_depth, void (*delfunc)(void *, void *), + size_t (*sizefunc)(void *), void *env, unsigned int max_node_count); + +/** + * Free tree and all nodes below. + * @param tree: Tree to be freed. + */ +void addrtree_delete(struct addrtree *tree); + +/** + * Insert an element in the tree. Failures are silent. Sourcemask and + * scope might be changed according to local policy. Caller should no + * longer access elem, it could be free'd now or later during future + * inserts. + * + * @param tree: Tree insert elem in. + * @param addr: key for element lookup. + * @param sourcemask: Length of addr in bits. + * @param scope: Number of significant bits in addr. + * @param elem: data to store in the tree. + * @param ttl: elem is valid up to this time, seconds. + * @param now: Current time in seconds. + */ +void addrtree_insert(struct addrtree *tree, const addrkey_t *addr, + addrlen_t sourcemask, addrlen_t scope, void *elem, time_t ttl, + time_t now); + +/** + * Find a node containing an element in the tree. + * + * @param tree: Tree to search. + * @param addr: key for element lookup. + * @param sourcemask: Length of addr in bits. + * @param now: Current time in seconds. + * @return addrnode or NULL on miss. + */ +struct addrnode * addrtree_find(struct addrtree *tree, + const addrkey_t *addr, addrlen_t sourcemask, time_t now); + +/** Wrappers for static functions to unit test */ +int unittest_wrapper_addrtree_cmpbit(const addrkey_t *key1, + const addrkey_t *key2, addrlen_t n); +addrlen_t unittest_wrapper_addrtree_bits_common(const addrkey_t *s1, + addrlen_t l1, const addrkey_t *s2, addrlen_t l2, addrlen_t skip); +int unittest_wrapper_addrtree_getbit(const addrkey_t *addr, + addrlen_t addrlen, addrlen_t n); +int unittest_wrapper_addrtree_issub(const addrkey_t *s1, addrlen_t l1, + const addrkey_t *s2, addrlen_t l2, addrlen_t skip); +#endif /* ADDRTREE_H */ diff --git a/edns-subnet/edns-subnet.c b/edns-subnet/edns-subnet.c new file mode 100644 index 000000000000..4c93192faf38 --- /dev/null +++ b/edns-subnet/edns-subnet.c @@ -0,0 +1,65 @@ +/* + * edns-subnet/edns-subnet.c - Subnet option related constants + * + * Copyright (c) 2013, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/** + * \file + * Subnet option related constants. + */ + +#include "config.h" + +#ifdef CLIENT_SUBNET /* keeps splint happy */ +#include "edns-subnet/edns-subnet.h" +#include <string.h> + +int +copy_clear(uint8_t* dst, size_t dstlen, uint8_t* src, size_t srclen, size_t n) +{ + size_t intpart = n / 8; /* bytes */ + size_t fracpart = n % 8; /* bits */ + size_t written = intpart; + if (intpart > dstlen || intpart > srclen) + return 1; + if (fracpart && (intpart+1 > dstlen || intpart+1 > srclen)) + return 1; + memcpy(dst, src, intpart); + if (fracpart) { + dst[intpart] = src[intpart] & ~(0xFF >> fracpart); + written++; + } + memset(dst + written, 0, dstlen - written); + return 0; +} + +#endif /* CLIENT_SUBNET */ diff --git a/edns-subnet/edns-subnet.h b/edns-subnet/edns-subnet.h new file mode 100644 index 000000000000..4b306080ad6d --- /dev/null +++ b/edns-subnet/edns-subnet.h @@ -0,0 +1,67 @@ +/* + * edns-subnet/edns-subnet.h - Subnet option related constants + * + * Copyright (c) 2013, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/** + * \file + * Subnet option related constants. + */ + +#include "util/net_help.h" + +#ifndef EDNSSUBNET_EDNSSUBNET_H +#define EDNSSUBNET_EDNSSUBNET_H + +/** In use by the edns subnet option code, as assigned by IANA */ +#define EDNSSUBNET_ADDRFAM_IP4 1 +#define EDNSSUBNET_ADDRFAM_IP6 2 + +/** + * ECS option + */ +struct ecs_data { + uint16_t subnet_addr_fam; + uint8_t subnet_source_mask; + uint8_t subnet_scope_mask; + uint8_t subnet_addr[INET6_SIZE]; + int subnet_validdata; +}; + +/** + * copy the first n BITS from src to dst iff both src and dst + * are large enough, return 0 on succes + */ +int +copy_clear(uint8_t* dst, size_t dstlen, uint8_t* src, size_t srclen, size_t n); + +#endif /* EDNSSUBNET_EDNSSUBNET_H */ diff --git a/edns-subnet/subnet-whitelist.c b/edns-subnet/subnet-whitelist.c new file mode 100644 index 000000000000..1cfdb4be3c5a --- /dev/null +++ b/edns-subnet/subnet-whitelist.c @@ -0,0 +1,153 @@ +/* + * edns-subnet/subnet-whitelist.c - Hosts we actively try to send subnet option + * to. + * + * Copyright (c) 2013, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/** + * \file + * + * Keep track of the white listed servers for subnet option. Based + * on acl_list.c|h + */ + +#include "config.h" + +#ifdef CLIENT_SUBNET /* keeps splint happy */ +#include "edns-subnet/edns-subnet.h" +#include "edns-subnet/subnet-whitelist.h" +#include "util/regional.h" +#include "util/log.h" +#include "util/config_file.h" +#include "util/net_help.h" +#include "util/storage/dnstree.h" + +struct ednssubnet_upstream* +upstream_create(void) +{ + struct ednssubnet_upstream* upstream = + (struct ednssubnet_upstream*)calloc(1, + sizeof(struct ednssubnet_upstream)); + if(!upstream) + return NULL; + upstream->region = regional_create(); + if(!upstream->region) { + upstream_delete(upstream); + return NULL; + } + return upstream; +} + +void +upstream_delete(struct ednssubnet_upstream* upstream) +{ + if(!upstream) + return; + regional_destroy(upstream->region); + free(upstream); +} + +/** insert new address into upstream structure */ +static int +upstream_insert(struct ednssubnet_upstream* upstream, + struct sockaddr_storage* addr, socklen_t addrlen, int net) +{ + struct addr_tree_node* node = (struct addr_tree_node*)regional_alloc( + upstream->region, sizeof(*node)); + if(!node) + return 0; + if(!addr_tree_insert(&upstream->tree, node, addr, addrlen, net)) { + verbose(VERB_QUERY, + "duplicate send-client-subnet address ignored."); + } + return 1; +} + +/** apply edns-subnet string */ +static int +upstream_str_cfg(struct ednssubnet_upstream* upstream, const char* str) +{ + struct sockaddr_storage addr; + int net; + socklen_t addrlen; + verbose(VERB_ALGO, "send-client-subnet: %s", str); + if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) { + log_err("cannot parse send-client-subnet netblock: %s", str); + return 0; + } + if(!upstream_insert(upstream, &addr, addrlen, net)) { + log_err("out of memory"); + return 0; + } + return 1; +} + +/** read client_subnet config */ +static int +read_upstream(struct ednssubnet_upstream* upstream, struct config_file* cfg) +{ + struct config_strlist* p; + for(p = cfg->client_subnet; p; p = p->next) { + log_assert(p->str); + if(!upstream_str_cfg(upstream, p->str)) + return 0; + } + return 1; +} + +int +upstream_apply_cfg(struct ednssubnet_upstream* upstream, + struct config_file* cfg) +{ + regional_free_all(upstream->region); + addr_tree_init(&upstream->tree); + if(!read_upstream(upstream, cfg)) + return 0; + addr_tree_init_parents(&upstream->tree); + return 1; +} + +int +upstream_is_whitelisted(struct ednssubnet_upstream* upstream, + struct sockaddr_storage* addr, socklen_t addrlen) +{ + return addr_tree_lookup(&upstream->tree, addr, addrlen) != NULL; +} + +size_t +upstream_get_mem(struct ednssubnet_upstream* upstream) +{ + if(!upstream) return 0; + return sizeof(*upstream) + regional_get_mem(upstream->region); +} + +#endif /* CLIENT_SUBNET */ diff --git a/edns-subnet/subnet-whitelist.h b/edns-subnet/subnet-whitelist.h new file mode 100644 index 000000000000..c08b40d86aba --- /dev/null +++ b/edns-subnet/subnet-whitelist.h @@ -0,0 +1,102 @@ +/* + * edns-subnet/subnet-whitelist.h - Hosts we actively try to send subnet option + * to. + * + * Copyright (c) 2013, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/** + * \file + * + * Keep track of the white listed servers for subnet option. Based + * on acl_list.c|h + */ + +#ifndef EDNSSUBNET_WHITELIST_H +#define EDNSSUBNET_WHITELIST_H +#include "util/storage/dnstree.h" + +struct config_file; +struct regional; + +/** + * ednssubnet_upstream structure + */ +struct ednssubnet_upstream { + /** regional for allocation */ + struct regional* region; + /** + * Tree of the address spans that are whitelisted. + * contents of type addr_tree_node. Each node is an address span + * Unbound will append subnet option for. + */ + rbtree_type tree; +}; + +/** + * Create ednssubnet_upstream structure + * @return new structure or NULL on error. + */ +struct ednssubnet_upstream* upstream_create(void); + +/** + * Delete ednssubnet_upstream structure. + * @param upstream: to delete. + */ +void upstream_delete(struct ednssubnet_upstream* upstream); + +/** + * Process ednssubnet_upstream config. + * @param upstream: where to store. + * @param cfg: config options. + * @return 0 on error. + */ +int upstream_apply_cfg(struct ednssubnet_upstream* upstream, + struct config_file* cfg); + +/** + * See if an address is whitelisted. + * @param upstream: structure for address storage. + * @param addr: address to check + * @param addrlen: length of addr. + * @return: true if the address is whitelisted for subnet option. + */ +int upstream_is_whitelisted(struct ednssubnet_upstream* upstream, + struct sockaddr_storage* addr, socklen_t addrlen); + +/** + * Get memory used by ednssubnet_upstream structure. + * @param upstream: structure for address storage. + * @return bytes in use. + */ +size_t upstream_get_mem(struct ednssubnet_upstream* upstream); + +#endif /* EDNSSUBNET_WHITELIST_H */ diff --git a/edns-subnet/subnetmod.c b/edns-subnet/subnetmod.c new file mode 100644 index 000000000000..4008004e4a32 --- /dev/null +++ b/edns-subnet/subnetmod.c @@ -0,0 +1,808 @@ +/* + * edns-subnet/subnetmod.c - edns subnet module. Must be called before validator + * and iterator. + * + * Copyright (c) 2013, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + /** + * \file + * subnet module for unbound. + */ + +#include "config.h" + +#ifdef CLIENT_SUBNET /* keeps splint happy */ + +#include "edns-subnet/subnetmod.h" +#include "edns-subnet/edns-subnet.h" +#include "edns-subnet/addrtree.h" +#include "edns-subnet/subnet-whitelist.h" + +#include "services/mesh.h" +#include "services/cache/dns.h" +#include "util/module.h" +#include "util/regional.h" +#include "util/storage/slabhash.h" +#include "util/config_file.h" +#include "util/data/msgreply.h" +#include "sldns/sbuffer.h" + +#define ECS_MAX_TREESIZE 100 + +/** externally called */ +void +subnet_data_delete(void *d, void *ATTR_UNUSED(arg)) +{ + struct subnet_msg_cache_data *r; + r = (struct subnet_msg_cache_data*)d; + addrtree_delete(r->tree4); + addrtree_delete(r->tree6); + free(r); +} + +/** externally called */ +size_t +msg_cache_sizefunc(void *k, void *d) +{ + struct msgreply_entry *q = (struct msgreply_entry*)k; + struct subnet_msg_cache_data *r = (struct subnet_msg_cache_data*)d; + size_t s = sizeof(struct msgreply_entry) + + sizeof(struct subnet_msg_cache_data) + + q->key.qname_len + lock_get_mem(&q->entry.lock); + s += addrtree_size(r->tree4); + s += addrtree_size(r->tree6); + return s; +} + +/** new query for ecs module */ +static int +subnet_new_qstate(struct module_qstate *qstate, int id) +{ + struct subnet_qstate *sq = (struct subnet_qstate*)regional_alloc( + qstate->region, sizeof(struct subnet_qstate)); + if(!sq) + return 0; + qstate->minfo[id] = sq; + memset(sq, 0, sizeof(*sq)); + return 1; +} + +/** Add ecs struct to edns list, after parsing it to wire format. */ +static void +ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list, + struct module_qstate *qstate) +{ + size_t sn_octs, sn_octs_remainder; + sldns_buffer* buf = qstate->env->scratch_buffer; + + if(ecs->subnet_validdata) { + log_assert(ecs->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP4 || + ecs->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP6); + log_assert(ecs->subnet_addr_fam != EDNSSUBNET_ADDRFAM_IP4 || + ecs->subnet_source_mask <= INET_SIZE*8); + log_assert(ecs->subnet_addr_fam != EDNSSUBNET_ADDRFAM_IP6 || + ecs->subnet_source_mask <= INET6_SIZE*8); + + sn_octs = ecs->subnet_source_mask / 8; + sn_octs_remainder = + (size_t)((ecs->subnet_source_mask % 8)>0?1:0); + + log_assert(sn_octs + sn_octs_remainder <= INET6_SIZE); + + sldns_buffer_clear(buf); + sldns_buffer_write_u16(buf, ecs->subnet_addr_fam); + sldns_buffer_write_u8(buf, ecs->subnet_source_mask); + sldns_buffer_write_u8(buf, ecs->subnet_scope_mask); + sldns_buffer_write(buf, ecs->subnet_addr, sn_octs); + if(sn_octs_remainder) + sldns_buffer_write_u8(buf, ecs->subnet_addr[sn_octs] & + ~(0xFF >> (ecs->subnet_source_mask % 8))); + sldns_buffer_flip(buf); + + edns_opt_list_append(list, + qstate->env->cfg->client_subnet_opcode, + sn_octs + sn_octs_remainder + 4, + sldns_buffer_begin(buf), qstate->region); + } +} + +int ecs_whitelist_check(struct query_info* ATTR_UNUSED(qinfo), + uint16_t ATTR_UNUSED(flags), struct module_qstate* qstate, + struct sockaddr_storage* addr, socklen_t addrlen, + uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), + struct regional* ATTR_UNUSED(region), int id, void* ATTR_UNUSED(cbargs)) +{ + struct subnet_qstate *sq; + struct subnet_env *sn_env; + + if(!(sq=(struct subnet_qstate*)qstate->minfo[id])) + return 1; + sn_env = (struct subnet_env*)qstate->env->modinfo[id]; + + /* Cache by default, might be disabled after parsing EDNS option + * received from nameserver. */ + qstate->no_cache_store = 0; + + if(sq->ecs_server_out.subnet_validdata && ((sq->subnet_downstream && + qstate->env->cfg->client_subnet_always_forward) || + upstream_is_whitelisted(sn_env->edns_subnet_upstreams, + addr, addrlen))) { + /* Address on whitelist or client query contains ECS option, we + * want to sent out ECS. Only add option if it is not already + * set. */ + if(!(sq->subnet_sent)) { + ecs_opt_list_append(&sq->ecs_server_out, + &qstate->edns_opts_back_out, qstate); + sq->subnet_sent = 1; + } + } + else if(sq->subnet_sent) { + /* Outgoing ECS option is set, but we don't want to sent it to + * this address, remove option. */ + edns_opt_list_remove(&qstate->edns_opts_back_out, + qstate->env->cfg->client_subnet_opcode); + sq->subnet_sent = 0; + } + return 1; +} + + +int +subnetmod_init(struct module_env *env, int id) +{ + struct subnet_env *sn_env = (struct subnet_env*)calloc(1, + sizeof(struct subnet_env)); + if(!sn_env) { + log_err("malloc failure"); + return 0; + } + alloc_init(&sn_env->alloc, NULL, 0); + env->modinfo[id] = (void*)sn_env; + /* Copy msg_cache settings */ + sn_env->subnet_msg_cache = slabhash_create(env->cfg->msg_cache_slabs, + HASH_DEFAULT_STARTARRAY, env->cfg->msg_cache_size, + msg_cache_sizefunc, query_info_compare, query_entry_delete, + subnet_data_delete, NULL); + if(!sn_env->subnet_msg_cache) { + log_err("subnet: could not create cache"); + free(sn_env); + env->modinfo[id] = NULL; + return 0; + } + /* whitelist for edns subnet capable servers */ + sn_env->edns_subnet_upstreams = upstream_create(); + if(!sn_env->edns_subnet_upstreams || + !upstream_apply_cfg(sn_env->edns_subnet_upstreams, env->cfg)) { + log_err("subnet: could not create ECS whitelist"); + slabhash_delete(sn_env->subnet_msg_cache); + free(sn_env); + env->modinfo[id] = NULL; + return 0; + } + + verbose(VERB_QUERY, "subnet: option registered (%d)", + env->cfg->client_subnet_opcode); + /* Create new mesh state for all queries. */ + env->unique_mesh = 1; + if(!edns_register_option(env->cfg->client_subnet_opcode, + env->cfg->client_subnet_always_forward /* bypass cache */, + 0 /* no aggregation */, env)) { + log_err("subnet: could not register opcode"); + upstream_delete(sn_env->edns_subnet_upstreams); + slabhash_delete(sn_env->subnet_msg_cache); + free(sn_env); + env->modinfo[id] = NULL; + return 0; + } + inplace_cb_register((void*)ecs_whitelist_check, inplace_cb_query, NULL, + env, id); + inplace_cb_register((void*)ecs_edns_back_parsed, + inplace_cb_edns_back_parsed, NULL, env, id); + inplace_cb_register((void*)ecs_query_response, + inplace_cb_query_response, NULL, env, id); + lock_rw_init(&sn_env->biglock); + return 1; +} + +void +subnetmod_deinit(struct module_env *env, int id) +{ + struct subnet_env *sn_env; + if(!env || !env->modinfo[id]) + return; + sn_env = (struct subnet_env*)env->modinfo[id]; + lock_rw_destroy(&sn_env->biglock); + inplace_cb_delete(env, inplace_cb_edns_back_parsed, id); + inplace_cb_delete(env, inplace_cb_query, id); + upstream_delete(sn_env->edns_subnet_upstreams); + slabhash_delete(sn_env->subnet_msg_cache); + alloc_clear(&sn_env->alloc); + free(sn_env); + env->modinfo[id] = NULL; +} + +/** Tells client that upstream has no/improper support */ +static void +cp_edns_bad_response(struct ecs_data *target, struct ecs_data *source) +{ + target->subnet_scope_mask = 0; + target->subnet_source_mask = source->subnet_source_mask; + target->subnet_addr_fam = source->subnet_addr_fam; + memcpy(target->subnet_addr, source->subnet_addr, INET6_SIZE); + target->subnet_validdata = 1; +} + +static void +delfunc(void *envptr, void *elemptr) { + struct reply_info *elem = (struct reply_info *)elemptr; + struct subnet_env *env = (struct subnet_env *)envptr; + reply_info_parsedelete(elem, &env->alloc); +} + +static size_t +sizefunc(void *elemptr) { + struct reply_info *elem = (struct reply_info *)elemptr; + return sizeof (struct reply_info) - sizeof (struct rrset_ref) + + elem->rrset_count * sizeof (struct rrset_ref) + + elem->rrset_count * sizeof (struct ub_packed_rrset_key *); +} + +/** + * Select tree from cache entry based on edns data. + * If for address family not present it will create a new one. + * NULL on failure to create. */ +static struct addrtree* +get_tree(struct subnet_msg_cache_data *data, struct ecs_data *edns, + struct subnet_env *env, struct config_file* cfg) +{ + struct addrtree *tree; + if (edns->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP4) { + if (!data->tree4) + data->tree4 = addrtree_create( + cfg->max_client_subnet_ipv4, &delfunc, + &sizefunc, env, ECS_MAX_TREESIZE); + tree = data->tree4; + } else { + if (!data->tree6) + data->tree6 = addrtree_create( + cfg->max_client_subnet_ipv6, &delfunc, + &sizefunc, env, ECS_MAX_TREESIZE); + tree = data->tree6; + } + return tree; +} + +static void +update_cache(struct module_qstate *qstate, int id) +{ + struct msgreply_entry *mrep_entry; + struct addrtree *tree; + struct reply_info *rep; + struct query_info qinf; + struct subnet_env *sne = qstate->env->modinfo[id]; + struct subnet_qstate *sq = (struct subnet_qstate*)qstate->minfo[id]; + struct slabhash *subnet_msg_cache = sne->subnet_msg_cache; + struct ecs_data *edns = &sq->ecs_client_in; + size_t i; + + /* We already calculated hash upon lookup */ + hashvalue_type h = qstate->minfo[id] ? + ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash : + query_info_hash(&qstate->qinfo, qstate->query_flags); + /* Step 1, general qinfo lookup */ + struct lruhash_entry *lru_entry = slabhash_lookup(subnet_msg_cache, h, + &qstate->qinfo, 1); + int acquired_lock = (lru_entry != NULL); + if (!lru_entry) { + qinf = qstate->qinfo; + qinf.qname = memdup(qstate->qinfo.qname, + qstate->qinfo.qname_len); + if(!qinf.qname) { + log_err("memdup failed"); + return; + } + mrep_entry = query_info_entrysetup(&qinf, NULL, h); + free(qinf.qname); /* if qname 'consumed', it is set to NULL */ + if (!mrep_entry) { + log_err("query_info_entrysetup failed"); + return; + } + lru_entry = &mrep_entry->entry; + lru_entry->data = calloc(1, + sizeof(struct subnet_msg_cache_data)); + if (!lru_entry->data) { + log_err("malloc failed"); + return; + } + } + /* Step 2, find the correct tree */ + if (!(tree = get_tree(lru_entry->data, edns, sne, qstate->env->cfg))) { + if (acquired_lock) lock_rw_unlock(&lru_entry->lock); + log_err("Subnet cache insertion failed"); + return; + } + rep = reply_info_copy(qstate->return_msg->rep, &sne->alloc, NULL); + if (!rep) { + if (acquired_lock) lock_rw_unlock(&lru_entry->lock); + log_err("Subnet cache insertion failed"); + return; + } + + /* store RRsets */ + for(i=0; i<rep->rrset_count; i++) { + rep->ref[i].key = rep->rrsets[i]; + rep->ref[i].id = rep->rrsets[i]->id; + } + reply_info_set_ttls(rep, *qstate->env->now); + rep->flags |= (BIT_RA | BIT_QR); /* fix flags to be sensible for */ + rep->flags &= ~(BIT_AA | BIT_CD);/* a reply based on the cache */ + addrtree_insert(tree, (addrkey_t*)edns->subnet_addr, + edns->subnet_source_mask, + sq->ecs_server_in.subnet_scope_mask, rep, + rep->ttl, *qstate->env->now); + if (acquired_lock) { + lock_rw_unlock(&lru_entry->lock); + } else { + slabhash_insert(subnet_msg_cache, h, lru_entry, lru_entry->data, + NULL); + } +} + +/** Lookup in cache and reply true iff reply is sent. */ +static int +lookup_and_reply(struct module_qstate *qstate, int id, struct subnet_qstate *sq) +{ + struct lruhash_entry *e; + struct module_env *env = qstate->env; + struct subnet_env *sne = (struct subnet_env*)env->modinfo[id]; + hashvalue_type h = query_info_hash(&qstate->qinfo, qstate->query_flags); + struct subnet_msg_cache_data *data; + struct ecs_data *ecs = &sq->ecs_client_in; + struct addrtree *tree; + struct addrnode *node; + uint8_t scope; + + memset(&sq->ecs_client_out, 0, sizeof(sq->ecs_client_out)); + + if (sq) sq->qinfo_hash = h; /* Might be useful on cache miss */ + e = slabhash_lookup(sne->subnet_msg_cache, h, &qstate->qinfo, 1); + if (!e) return 0; /* qinfo not in cache */ + data = e->data; + tree = (ecs->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP4)? + data->tree4 : data->tree6; + if (!tree) { /* qinfo in cache but not for this family */ + lock_rw_unlock(&e->lock); + return 0; + } + node = addrtree_find(tree, (addrkey_t*)ecs->subnet_addr, + ecs->subnet_source_mask, *env->now); + if (!node) { /* plain old cache miss */ + lock_rw_unlock(&e->lock); + return 0; + } + + qstate->return_msg = tomsg(NULL, &qstate->qinfo, + (struct reply_info *)node->elem, qstate->region, *env->now, + env->scratch); + scope = (uint8_t)node->scope; + lock_rw_unlock(&e->lock); + + if (!qstate->return_msg) { /* Failed allocation or expired TTL */ + return 0; + } + + if (sq->subnet_downstream) { /* relay to interested client */ + sq->ecs_client_out.subnet_scope_mask = scope; + sq->ecs_client_out.subnet_addr_fam = ecs->subnet_addr_fam; + sq->ecs_client_out.subnet_source_mask = ecs->subnet_source_mask; + memcpy(&sq->ecs_client_out.subnet_addr, &ecs->subnet_addr, + INET6_SIZE); + sq->ecs_client_out.subnet_validdata = 1; + } + return 1; +} + +/** + * Test first bits of addresses for equality. Caller is responsible + * for making sure that both a and b are at least net/8 octets long. + * @param a: first address. + * @param a: seconds address. + * @param net: Number of bits to test. + * @return: 1 if equal, 0 otherwise. + */ +static int +common_prefix(uint8_t *a, uint8_t *b, uint8_t net) +{ + size_t n = (size_t)net / 8; + return !memcmp(a, b, n) && ((net % 8) == 0 || a[n] == b[n]); +} + +static enum module_ext_state +eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) +{ + struct subnet_env *sne = qstate->env->modinfo[id]; + + struct ecs_data *c_in = &sq->ecs_client_in; /* rcvd from client */ + struct ecs_data *c_out = &sq->ecs_client_out;/* will send to client */ + struct ecs_data *s_in = &sq->ecs_server_in; /* rcvd from auth */ + struct ecs_data *s_out = &sq->ecs_server_out;/* sent to auth */ + + memset(c_out, 0, sizeof(*c_out)); + + if (!qstate->return_msg) return module_error; + + /* We have not asked for subnet data */ + if (!sq->subnet_sent) { + if (s_in->subnet_validdata) + verbose(VERB_QUERY, "subnet: received spurious data"); + if (sq->subnet_downstream) /* Copy back to client */ + cp_edns_bad_response(c_out, c_in); + return module_finished; + } + + /* subnet sent but nothing came back */ + if (!s_in->subnet_validdata) { + /* The authority indicated no support for edns subnet. As a + * consequence the answer ended up in the regular cache. It + * is still usefull to put it in the edns subnet cache for + * when a client explicitly asks for subnet specific answer. */ + verbose(VERB_QUERY, "subnet: Authority indicates no support"); + lock_rw_wrlock(&sne->biglock); + update_cache(qstate, id); + lock_rw_unlock(&sne->biglock); + if (sq->subnet_downstream) + cp_edns_bad_response(c_out, c_in); + return module_finished; + } + + /* Being here means we have asked for and got a subnet specific + * answer. Also, the answer from the authority is not yet cached + * anywhere. */ + + /* can we accept response? */ + if(s_out->subnet_addr_fam != s_in->subnet_addr_fam || + s_out->subnet_source_mask != s_in->subnet_source_mask || + !common_prefix(s_out->subnet_addr, s_in->subnet_addr, + s_out->subnet_source_mask)) + { + /* we can not accept, restart query without option */ + verbose(VERB_QUERY, "subnet: forged data"); + s_out->subnet_validdata = 0; + (void)edns_opt_list_remove(&qstate->edns_opts_back_out, + qstate->env->cfg->client_subnet_opcode); + sq->subnet_sent = 0; + return module_restart_next; + } + + lock_rw_wrlock(&sne->biglock); + update_cache(qstate, id); + lock_rw_unlock(&sne->biglock); + + if (sq->subnet_downstream) { + /* Client wants to see the answer, echo option back + * and adjust the scope. */ + c_out->subnet_addr_fam = c_in->subnet_addr_fam; + c_out->subnet_source_mask = c_in->subnet_source_mask; + memcpy(&c_out->subnet_addr, &c_in->subnet_addr, INET6_SIZE); + c_out->subnet_scope_mask = s_in->subnet_scope_mask; + c_out->subnet_validdata = 1; + } + return module_finished; +} + +/** Parse EDNS opt data containing ECS */ +static int +parse_subnet_option(struct edns_option* ecs_option, struct ecs_data* ecs) +{ + memset(ecs, 0, sizeof(*ecs)); + if (ecs_option->opt_len < 4) + return 0; + + ecs->subnet_addr_fam = sldns_read_uint16(ecs_option->opt_data); + ecs->subnet_source_mask = ecs_option->opt_data[2]; + ecs->subnet_scope_mask = ecs_option->opt_data[3]; + /* remaing bytes indicate address */ + + /* validate input*/ + /* option length matches calculated length? */ + if (ecs_option->opt_len != (size_t)((ecs->subnet_source_mask+7)/8 + 4)) + return 0; + if (ecs_option->opt_len - 4 > INET6_SIZE || ecs_option->opt_len == 0) + return 0; + if (ecs->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP4) { + if (ecs->subnet_source_mask > 32 || ecs->subnet_scope_mask > 32) + return 0; + } else if (ecs->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP6) { + if (ecs->subnet_source_mask > 128 || + ecs->subnet_scope_mask > 128) + return 0; + } else + return 0; + + /* valid ECS data, write to ecs_data */ + if (copy_clear(ecs->subnet_addr, INET6_SIZE, ecs_option->opt_data + 4, + ecs_option->opt_len - 4, ecs->subnet_source_mask)) + return 0; + ecs->subnet_validdata = 1; + return 1; +} + +static void +subnet_option_from_ss(struct sockaddr_storage *ss, struct ecs_data* ecs, + struct config_file* cfg) +{ + void* sinaddr; + + /* Construct subnet option from original query */ + if(((struct sockaddr_in*)ss)->sin_family == AF_INET) { + ecs->subnet_source_mask = cfg->max_client_subnet_ipv4; + ecs->subnet_addr_fam = EDNSSUBNET_ADDRFAM_IP4; + sinaddr = &((struct sockaddr_in*)ss)->sin_addr; + if (!copy_clear( ecs->subnet_addr, INET6_SIZE, + (uint8_t *)sinaddr, INET_SIZE, + ecs->subnet_source_mask)) { + ecs->subnet_validdata = 1; + } + } +#ifdef INET6 + else { + ecs->subnet_source_mask = cfg->max_client_subnet_ipv6; + ecs->subnet_addr_fam = EDNSSUBNET_ADDRFAM_IP6; + sinaddr = &((struct sockaddr_in6*)ss)->sin6_addr; + if (!copy_clear( ecs->subnet_addr, INET6_SIZE, + (uint8_t *)sinaddr, INET6_SIZE, + ecs->subnet_source_mask)) { + ecs->subnet_validdata = 1; + } + } +#else + /* We don't know how to handle ip6, just pass */ +#endif /* INET6 */ +} + +int +ecs_query_response(struct module_qstate* qstate, struct dns_msg* response, + int id, void* ATTR_UNUSED(cbargs)) +{ + struct subnet_qstate *sq; + + if(!response || !(sq=(struct subnet_qstate*)qstate->minfo[id])) + return 1; + + if(sq->subnet_sent && + FLAGS_GET_RCODE(response->rep->flags) == LDNS_RCODE_REFUSED) { + /* REFUSED reponse to ECS query, remove ECS option. */ + edns_opt_list_remove(&qstate->edns_opts_back_out, + qstate->env->cfg->client_subnet_opcode); + sq->subnet_sent = 0; + memset(&sq->ecs_server_out, 0, sizeof(sq->ecs_server_out)); + } + return 1; +} + +int +ecs_edns_back_parsed(struct module_qstate* qstate, int id, + void* ATTR_UNUSED(cbargs)) +{ + struct subnet_qstate *sq; + struct edns_option* ecs_opt; + + if(!(sq=(struct subnet_qstate*)qstate->minfo[id])) + return 1; + if((ecs_opt = edns_opt_list_find( + qstate->edns_opts_back_in, + qstate->env->cfg->client_subnet_opcode))) { + if(parse_subnet_option(ecs_opt, &sq->ecs_server_in) && + sq->subnet_sent && + sq->ecs_server_in.subnet_validdata) + /* Only skip global cache store if we sent an ECS option + * and received one back. Answers from non-whitelisted + * servers will end up in global cache. Ansers for + * queries with 0 source will not (unless nameserver + * does not support ECS). */ + qstate->no_cache_store = 1; + } + + return 1; +} + +void +subnetmod_operate(struct module_qstate *qstate, enum module_ev event, + int id, struct outbound_entry* outbound) +{ + struct subnet_env *sne = qstate->env->modinfo[id]; + struct subnet_qstate *sq = (struct subnet_qstate*)qstate->minfo[id]; + + verbose(VERB_QUERY, "subnet[module %d] operate: extstate:%s " + "event:%s", id, strextstate(qstate->ext_state[id]), + strmodulevent(event)); + log_query_info(VERB_QUERY, "subnet operate: query", &qstate->qinfo); + + if((event == module_event_new || event == module_event_pass) && + sq == NULL) { + struct edns_option* ecs_opt; + if(!subnet_new_qstate(qstate, id)) { + qstate->return_msg = NULL; + qstate->ext_state[id] = module_finished; + return; + } + + sq = (struct subnet_qstate*)qstate->minfo[id]; + + if((ecs_opt = edns_opt_list_find( + qstate->edns_opts_front_in, + qstate->env->cfg->client_subnet_opcode))) { + if(!parse_subnet_option(ecs_opt, &sq->ecs_client_in)) { + /* Wrongly formatted ECS option. RFC mandates to + * return FORMERROR. */ + qstate->return_rcode = LDNS_RCODE_FORMERR; + qstate->ext_state[id] = module_finished; + return; + } + sq->subnet_downstream = 1; + } + else if(qstate->mesh_info->reply_list) { + subnet_option_from_ss( + &qstate->mesh_info->reply_list->query_reply.addr, + &sq->ecs_client_in, qstate->env->cfg); + } + + if(sq->ecs_client_in.subnet_validdata == 0) { + /* No clients are interested in result or we could not + * parse it, we don't do client subnet */ + sq->ecs_server_out.subnet_validdata = 0; + verbose(VERB_ALGO, "subnet: pass to next module"); + qstate->ext_state[id] = module_wait_module; + return; + } + + lock_rw_wrlock(&sne->biglock); + if (lookup_and_reply(qstate, id, sq)) { + lock_rw_unlock(&sne->biglock); + verbose(VERB_QUERY, "subnet: answered from cache"); + qstate->ext_state[id] = module_finished; + + ecs_opt_list_append(&sq->ecs_client_out, + &qstate->edns_opts_front_out, qstate); + return; + } + lock_rw_unlock(&sne->biglock); + + sq->ecs_server_out.subnet_addr_fam = + sq->ecs_client_in.subnet_addr_fam; + sq->ecs_server_out.subnet_source_mask = + sq->ecs_client_in.subnet_source_mask; + /* Limit source prefix to configured maximum */ + if(sq->ecs_server_out.subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP4 + && sq->ecs_server_out.subnet_source_mask > + qstate->env->cfg->max_client_subnet_ipv4) + sq->ecs_server_out.subnet_source_mask = + qstate->env->cfg->max_client_subnet_ipv4; + else if(sq->ecs_server_out.subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP6 + && sq->ecs_server_out.subnet_source_mask > + qstate->env->cfg->max_client_subnet_ipv6) + sq->ecs_server_out.subnet_source_mask = + qstate->env->cfg->max_client_subnet_ipv6; + /* Safe to copy completely, even if the source is limited by the + * configuration. ecs_opt_list_append() will limit the address. + * */ + memcpy(&sq->ecs_server_out.subnet_addr, + sq->ecs_client_in.subnet_addr, INET6_SIZE); + sq->ecs_server_out.subnet_scope_mask = 0; + sq->ecs_server_out.subnet_validdata = 1; + if(sq->ecs_server_out.subnet_source_mask != 0 && + sq->subnet_downstream) + /* ECS specific data required, do not look at the global + * cache in other modules. */ + qstate->no_cache_lookup = 1; + + /* pass request to next module */ + verbose(VERB_ALGO, + "subnet: not found in cache. pass to next module"); + qstate->ext_state[id] = module_wait_module; + return; + } + /* Query handed back by next module, we have a 'final' answer */ + if(sq && event == module_event_moddone) { + qstate->ext_state[id] = eval_response(qstate, id, sq); + if(qstate->ext_state[id] == module_finished) { + ecs_opt_list_append(&sq->ecs_client_out, + &qstate->edns_opts_front_out, qstate); + } + return; + } + if(sq && outbound) { + return; + } + /* We are being revisited */ + if(event == module_event_pass || event == module_event_new) { + /* Just pass it on, we already did the work */ + verbose(VERB_ALGO, "subnet: pass to next module"); + qstate->ext_state[id] = module_wait_module; + return; + } + if(!sq && (event == module_event_moddone)) { + /* during priming, module done but we never started */ + qstate->ext_state[id] = module_finished; + return; + } + log_err("subnet: bad event %s", strmodulevent(event)); + qstate->ext_state[id] = module_error; + return; +} + +void +subnetmod_clear(struct module_qstate *ATTR_UNUSED(qstate), + int ATTR_UNUSED(id)) +{ + /* qstate has no data outside region */ +} + +void +subnetmod_inform_super(struct module_qstate *ATTR_UNUSED(qstate), + int ATTR_UNUSED(id), struct module_qstate *ATTR_UNUSED(super)) +{ + /* Not used */ +} + +size_t +subnetmod_get_mem(struct module_env *env, int id) +{ + struct subnet_env *sn_env = env->modinfo[id]; + if (!sn_env) return 0; + return sizeof(*sn_env) + + slabhash_get_mem(sn_env->subnet_msg_cache) + + upstream_get_mem(sn_env->edns_subnet_upstreams); +} + +/** + * The module function block + */ +static struct module_func_block subnetmod_block = { + "subnet", &subnetmod_init, &subnetmod_deinit, &subnetmod_operate, + &subnetmod_inform_super, &subnetmod_clear, &subnetmod_get_mem +}; + +struct module_func_block* +subnetmod_get_funcblock(void) +{ + return &subnetmod_block; +} + +/** Wrappers for static functions to unit test */ +size_t +unittest_wrapper_subnetmod_sizefunc(void *elemptr) +{ + return sizefunc(elemptr); +} + +#endif /* CLIENT_SUBNET */ diff --git a/edns-subnet/subnetmod.h b/edns-subnet/subnetmod.h new file mode 100644 index 000000000000..f2baa466ae61 --- /dev/null +++ b/edns-subnet/subnetmod.h @@ -0,0 +1,130 @@ +/* + * edns-subnet/subnetmod.h - edns subnet module. Must be called before validator + * and iterator. + * + * Copyright (c) 2013, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +/** + * \file + * subnet module for unbound. + */ + +#ifndef SUBNETMOD_H +#define SUBNETMOD_H +#include "util/module.h" +#include "services/outbound_list.h" +#include "util/alloc.h" +#include "util/net_help.h" +#include "util/storage/slabhash.h" +#include "edns-subnet/addrtree.h" +#include "edns-subnet/edns-subnet.h" + +/** + * Global state for the subnet module. + */ +struct subnet_env { + /** shared message cache + * key: struct query_info* + * data: struct subnet_msg_cache_data* */ + struct slabhash* subnet_msg_cache; + /** access control, which upstream servers we send client address */ + struct ednssubnet_upstream* edns_subnet_upstreams; + /** allocation service */ + struct alloc_cache alloc; + lock_rw_type biglock; +}; + +struct subnet_msg_cache_data { + struct addrtree* tree4; + struct addrtree* tree6; +}; + +struct subnet_qstate { + /** We need the hash for both cache lookup and insert */ + hashvalue_type qinfo_hash; + /** ecs_data for client communication */ + struct ecs_data ecs_client_in; + struct ecs_data ecs_client_out; + /** ecss data for server communication */ + struct ecs_data ecs_server_in; + struct ecs_data ecs_server_out; + int subnet_downstream; + int subnet_sent; +}; + +void subnet_data_delete(void* d, void* ATTR_UNUSED(arg)); +size_t msg_cache_sizefunc(void* k, void* d); + +/** + * Get the module function block. + * @return: function block with function pointers to module methods. + */ +struct module_func_block* subnetmod_get_funcblock(void); + +/** subnet module init */ +int subnetmod_init(struct module_env* env, int id); + +/** subnet module deinit */ +void subnetmod_deinit(struct module_env* env, int id); + +/** subnet module operate on a query */ +void subnetmod_operate(struct module_qstate* qstate, enum module_ev event, + int id, struct outbound_entry* outbound); + +/** subnet module */ +void subnetmod_inform_super(struct module_qstate* qstate, int id, + struct module_qstate* super); + +/** subnet module cleanup query state */ +void subnetmod_clear(struct module_qstate* qstate, int id); + +/** subnet module alloc size routine */ +size_t subnetmod_get_mem(struct module_env* env, int id); + +/** Wrappers for static functions to unit test */ +size_t unittest_wrapper_subnetmod_sizefunc(void *elemptr); + +/** Whitelist check, called just before query is sent upstream. */ +int ecs_whitelist_check(struct query_info* qinfo, uint16_t flags, + struct module_qstate* qstate, struct sockaddr_storage* addr, + socklen_t addrlen, uint8_t* zone, size_t zonelen, + struct regional* region, int id, void* cbargs); + +/** Check whether reponse from server contains ECS record, if so, skip cache + * store. Called just after parsing EDNS data from server. */ +int ecs_edns_back_parsed(struct module_qstate* qstate, int id, void* cbargs); + +/** Remove ECS record from back_out when query resulted in REFUSED response. */ +int ecs_query_response(struct module_qstate* qstate, struct dns_msg* response, + int id, void* cbargs); + +#endif /* SUBNETMOD_H */ diff --git a/iterator/iterator.c b/iterator/iterator.c index 99ce96f384ee..43b3d30c330b 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -373,6 +373,29 @@ iter_prepend(struct iter_qstate* iq, struct dns_msg* msg, } /** + * Find rrset in ANSWER prepend list. + * to avoid duplicate DNAMEs when a DNAME is traversed twice. + * @param iq: iterator query state. + * @param rrset: rrset to add. + * @return false if not found + */ +static int +iter_find_rrset_in_prepend_answer(struct iter_qstate* iq, + struct ub_packed_rrset_key* rrset) +{ + struct iter_prep_list* p = iq->an_prepend_list; + while(p) { + if(ub_rrset_compare(p->rrset, rrset) == 0 && + rrsetdata_equal((struct packed_rrset_data*)p->rrset + ->entry.data, (struct packed_rrset_data*)rrset + ->entry.data)) + return 1; + p = p->next; + } + return 0; +} + +/** * Add rrset to ANSWER prepend list * @param qstate: query state. * @param iq: iterator query state. @@ -454,14 +477,16 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, * by this DNAME following, so we don't process the DNAME * directly. */ if(ntohs(r->rk.type) == LDNS_RR_TYPE_DNAME && - dname_strict_subdomain_c(*mname, r->rk.dname)) { + dname_strict_subdomain_c(*mname, r->rk.dname) && + !iter_find_rrset_in_prepend_answer(iq, r)) { if(!iter_add_prepend_answer(qstate, iq, r)) return 0; continue; } if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && - query_dname_compare(*mname, r->rk.dname) == 0) { + query_dname_compare(*mname, r->rk.dname) == 0 && + !iter_find_rrset_in_prepend_answer(iq, r)) { /* Add this relevant CNAME rrset to the prepend list.*/ if(!iter_add_prepend_answer(qstate, iq, r)) return 0; @@ -1326,7 +1351,7 @@ processInitRequest3(struct module_qstate* qstate, struct iter_qstate* iq, /* If the RD flag wasn't set, then we just finish with the * cached referral as the response. */ - if(!(qstate->query_flags & BIT_RD)) { + if(!(qstate->query_flags & BIT_RD) && iq->deleg_msg) { iq->response = iq->deleg_msg; if(verbosity >= VERB_ALGO && iq->response) log_dns_msg("no RD requested, using delegation msg", @@ -2169,6 +2194,10 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, int dnsseclame = 0; enum response_type type; iq->num_current_queries--; + + if(!inplace_cb_query_response_call(qstate->env, qstate, iq->response)) + log_err("unable to call query_response callback"); + if(iq->response == NULL) { /* Don't increment qname when QNAME minimisation is enabled */ if(qstate->env->cfg->qname_minimisation) @@ -2233,6 +2262,22 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, } else iter_scrub_ds(iq->response, ns, iq->dp->name); } else iter_scrub_ds(iq->response, NULL, NULL); + if(type == RESPONSE_TYPE_THROWAWAY && + FLAGS_GET_RCODE(iq->response->rep->flags) == LDNS_RCODE_YXDOMAIN) { + /* YXDOMAIN is a permanent error, no need to retry */ + type = RESPONSE_TYPE_ANSWER; + } + if(type == RESPONSE_TYPE_CNAME && iq->response->rep->an_numrrsets >= 1 + && ntohs(iq->response->rep->rrsets[0]->rk.type) == LDNS_RR_TYPE_DNAME) { + uint8_t* sname = NULL; + size_t snamelen = 0; + get_cname_target(iq->response->rep->rrsets[0], &sname, + &snamelen); + if(snamelen && dname_subdomain_c(sname, iq->response->rep->rrsets[0]->rk.dname)) { + /* DNAME to a subdomain loop; do not recurse */ + type = RESPONSE_TYPE_ANSWER; + } + } /* handle each of the type cases */ if(type == RESPONSE_TYPE_ANSWER) { @@ -3161,6 +3206,10 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq, /* like packet got dropped */ goto handle_it; } + if(!inplace_cb_edns_back_parsed_call(qstate->env, qstate)) { + log_err("unable to call edns_back_parsed callback"); + goto handle_it; + } } /* remove CD-bit, we asked for in case we handle validation ourself */ diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c index 727b27522019..eaa31c71c590 100644 --- a/libunbound/libunbound.c +++ b/libunbound/libunbound.c @@ -310,7 +310,6 @@ ub_ctx_delete(struct ub_ctx* ctx) infra_delete(ctx->env->infra_cache); config_delete(ctx->env->cfg); edns_known_options_delete(ctx->env); - inplace_cb_lists_delete(ctx->env); free(ctx->env); } ub_randfree(ctx->seed_rnd); diff --git a/pythonmod/doc/examples/example6.rst b/pythonmod/doc/examples/example6.rst index ce89aab99f40..07117cd556e7 100644 --- a/pythonmod/doc/examples/example6.rst +++ b/pythonmod/doc/examples/example6.rst @@ -63,7 +63,7 @@ We can register such function as: .. code-block:: python - if not register_inplace_cb_reply(inplace_reply_callback, env): + if not register_inplace_cb_reply(inplace_reply_callback, env, id): log_info("python: Could not register inplace callback function.") @@ -99,7 +99,7 @@ We can register such function as: .. code-block:: python - if not register_inplace_cb_reply_cache(inplace_cache_callback, env): + if not register_inplace_cb_reply_cache(inplace_cache_callback, env, id): log_info("python: Could not register inplace callback function.") @@ -135,7 +135,7 @@ We can register such function as: .. code-block:: python - if not register_inplace_cb_reply_local(inplace_local_callback, env): + if not register_inplace_cb_reply_local(inplace_local_callback, env, id): log_info("python: Could not register inplace callback function.") @@ -172,7 +172,7 @@ We can register such function as: .. code-block:: python - if not register_inplace_cb_reply_servfail(inplace_servfail_callback, env): + if not register_inplace_cb_reply_servfail(inplace_servfail_callback, env, id): log_info("python: Could not register inplace callback function.") diff --git a/pythonmod/examples/inplace_callbacks.py b/pythonmod/examples/inplace_callbacks.py index e87614a12470..751dee510854 100644 --- a/pythonmod/examples/inplace_callbacks.py +++ b/pythonmod/examples/inplace_callbacks.py @@ -46,22 +46,22 @@ # (unbound needs to be validating for this example to work) # Useful functions: -# register_inplace_cb_reply(inplace_reply_callback, env): +# register_inplace_cb_reply(inplace_reply_callback, env, id): # Register the reply_callback function as an inplace callback function # when answering with a resolved query. # Return True on success, False on failure. # -# register_inplace_cb_reply_cache(inplace_reply_cache_callback, env): +# register_inplace_cb_reply_cache(inplace_reply_cache_callback, env, id): # Register the reply_cache_callback function as an inplace callback # function when answering from cache. # Return True on success, False on failure. # -# register_inplace_cb_reply_local(inplace_reply_local_callback, env): +# register_inplace_cb_reply_local(inplace_reply_local_callback, env, id): # Register the reply_local_callback function as an inplace callback # function when answering from local data or chaos reply. # Return True on success, False on failure. # -# register_inplace_cb_reply_servfail(inplace_reply_servfail_callback, env): +# register_inplace_cb_reply_servfail(inplace_reply_servfail_callback, env, id): # Register the reply_servfail_callback function as an inplace callback # function when answering with servfail. # Return True on success, False on failure. @@ -193,22 +193,22 @@ def init_standard(id, env): # Register the inplace_reply_callback function as an inplace callback # function when answering a resolved query. - if not register_inplace_cb_reply(inplace_reply_callback, env): + if not register_inplace_cb_reply(inplace_reply_callback, env, id): return False # Register the inplace_cache_callback function as an inplace callback # function when answering from cache. - if not register_inplace_cb_reply_cache(inplace_cache_callback, env): + if not register_inplace_cb_reply_cache(inplace_cache_callback, env, id): return False # Register the inplace_local_callback function as an inplace callback # function when answering from local data. - if not register_inplace_cb_reply_local(inplace_local_callback, env): + if not register_inplace_cb_reply_local(inplace_local_callback, env, id): return False # Register the inplace_servfail_callback function as an inplace callback # function when answering with SERVFAIL. - if not register_inplace_cb_reply_servfail(inplace_servfail_callback, env): + if not register_inplace_cb_reply_servfail(inplace_servfail_callback, env, id): return False return True diff --git a/pythonmod/interface.i b/pythonmod/interface.i index 89dd73d996b5..09d726f2cf46 100644 --- a/pythonmod/interface.i +++ b/pythonmod/interface.i @@ -4,7 +4,7 @@ %module unboundmodule %{ /** - * \file + * \file * This is the interface between the unbound server and a python module * called to perform operations on queries. */ @@ -58,7 +58,7 @@ } %} -/* ************************************************************************************ * +/* ************************************************************************************ * Structure query_info * ************************************************************************************ */ /* Query info */ @@ -76,24 +76,24 @@ struct query_info { }; %inline %{ - enum enum_rr_class { + enum enum_rr_class { RR_CLASS_IN = 1, RR_CLASS_CH = 3, RR_CLASS_HS = 4, RR_CLASS_NONE = 254, RR_CLASS_ANY = 255, }; - + enum enum_rr_type { - RR_TYPE_A = 1, - RR_TYPE_NS = 2, - RR_TYPE_MD = 3, - RR_TYPE_MF = 4, - RR_TYPE_CNAME = 5, - RR_TYPE_SOA = 6, - RR_TYPE_MB = 7, - RR_TYPE_MG = 8, - RR_TYPE_MR = 9, + RR_TYPE_A = 1, + RR_TYPE_NS = 2, + RR_TYPE_MD = 3, + RR_TYPE_MF = 4, + RR_TYPE_CNAME = 5, + RR_TYPE_SOA = 6, + RR_TYPE_MB = 7, + RR_TYPE_MG = 8, + RR_TYPE_MR = 9, RR_TYPE_NULL = 10, RR_TYPE_WKS = 11, RR_TYPE_PTR = 12, @@ -131,7 +131,7 @@ struct query_info { RR_TYPE_SSHFP = 44, RR_TYPE_IPSECKEY = 45, RR_TYPE_RRSIG = 46, - RR_TYPE_NSEC = 47, + RR_TYPE_NSEC = 47, RR_TYPE_DNSKEY = 48, RR_TYPE_DHCID = 49, RR_TYPE_NSEC3 = 50, @@ -151,7 +151,7 @@ struct query_info { PyObject* _get_qname(struct query_info* q) { return PyBytes_FromStringAndSize((char*)q->qname, q->qname_len); - } + } PyObject* _get_qname_components(struct query_info* q) { return GetNameAsLabelList((const char*)q->qname, q->qname_len); @@ -179,7 +179,7 @@ struct query_info { __swig_getmethods__["qname"] = _unboundmodule._get_qname if _newclass:qname = _swig_property(_unboundmodule._get_qname) - + __swig_getmethods__["qname_list"] = _unboundmodule._get_qname_components if _newclass:qname_list = _swig_property(_unboundmodule._get_qname_components) @@ -189,7 +189,7 @@ struct query_info { %} } -/* ************************************************************************************ * +/* ************************************************************************************ * Structure packed_rrset_key * ************************************************************************************ */ %ignore packed_rrset_key::dname; @@ -200,7 +200,7 @@ struct packed_rrset_key { %immutable; char* dname; size_t dname_len; - uint32_t flags; + uint32_t flags; uint16_t type; /* rrset type in network format */ uint16_t rrset_class; /* rrset class in network format */ %mutable; @@ -216,7 +216,7 @@ uint16_t ntohs(uint16_t netshort); %inline %{ PyObject* _get_dname(struct packed_rrset_key* k) { return PyBytes_FromStringAndSize((char*)k->dname, k->dname_len); - } + } PyObject* _get_dname_components(struct packed_rrset_key* k) { return GetNameAsLabelList((char*)k->dname, k->dname_len); } @@ -244,11 +244,11 @@ uint16_t ntohs(uint16_t netshort); %} } -#if defined(SWIGWORDSIZE64) +#if defined(SWIGWORDSIZE64) typedef long int rrset_id_type; -#else +#else typedef long long int rrset_id_type; -#endif +#endif struct ub_packed_rrset_key { struct lruhash_entry entry; @@ -279,7 +279,7 @@ struct packed_rrset_data { /* number of rrsigs */ size_t rrsig_count; - enum rrset_trust trust; + enum rrset_trust trust; enum sec_status security; /* length of every rr's rdata */ @@ -309,26 +309,26 @@ struct packed_rrset_data { %inline %{ PyObject* _get_data_rr_len(struct packed_rrset_data* d, int idx) { - if ((d != NULL) && (idx >= 0) && - ((size_t)idx < (d->count+d->rrsig_count))) + if ((d != NULL) && (idx >= 0) && + ((size_t)idx < (d->count+d->rrsig_count))) return PyInt_FromLong(d->rr_len[idx]); return Py_None; } void _set_data_rr_ttl(struct packed_rrset_data* d, int idx, uint32_t ttl) { - if ((d != NULL) && (idx >= 0) && - ((size_t)idx < (d->count+d->rrsig_count))) + if ((d != NULL) && (idx >= 0) && + ((size_t)idx < (d->count+d->rrsig_count))) d->rr_ttl[idx] = ttl; } PyObject* _get_data_rr_ttl(struct packed_rrset_data* d, int idx) { - if ((d != NULL) && (idx >= 0) && - ((size_t)idx < (d->count+d->rrsig_count))) + if ((d != NULL) && (idx >= 0) && + ((size_t)idx < (d->count+d->rrsig_count))) return PyInt_FromLong(d->rr_ttl[idx]); return Py_None; } PyObject* _get_data_rr_data(struct packed_rrset_data* d, int idx) { - if ((d != NULL) && (idx >= 0) && - ((size_t)idx < (d->count+d->rrsig_count))) + if ((d != NULL) && (idx >= 0) && + ((size_t)idx < (d->count+d->rrsig_count))) return PyBytes_FromStringAndSize((char*)d->rr_data[idx], d->rr_len[idx]); return Py_None; @@ -349,7 +349,7 @@ struct packed_rrset_data { %} } -/* ************************************************************************************ * +/* ************************************************************************************ * Structure reply_info * ************************************************************************************ */ /* Messages */ @@ -426,7 +426,7 @@ struct dns_msg { %} } -/* ************************************************************************************ * +/* ************************************************************************************ * Structure mesh_state * ************************************************************************************ */ struct mesh_state { @@ -439,7 +439,7 @@ struct mesh_reply { }; struct comm_reply { - + }; %inline %{ @@ -489,7 +489,7 @@ struct comm_reply { %} } -/* ************************************************************************************ * +/* ************************************************************************************ * Structure edns_option * ************************************************************************************ */ /* Rename the members to follow the python convention of marking them as @@ -500,10 +500,10 @@ struct comm_reply { %rename(_opt_len) edns_option::opt_len; %rename(_opt_data) edns_option::opt_data; struct edns_option { - struct edns_option* next; - uint16_t opt_code; - size_t opt_len; - uint8_t* opt_data; + struct edns_option* next; + uint16_t opt_code; + size_t opt_len; + uint8_t* opt_data; }; %inline %{ @@ -529,7 +529,7 @@ struct edns_option { %} } -/* ************************************************************************************ * +/* ************************************************************************************ * Structure edns_data * ************************************************************************************ */ /* This is ignored because we will pass a double pointer of this to Python @@ -537,12 +537,12 @@ struct edns_option { * pointers as None. */ %ignore edns_data::opt_list; struct edns_data { - int edns_present; - uint8_t ext_rcode; - uint8_t edns_version; - uint16_t bits; - uint16_t udp_size; - struct edns_option* opt_list; + int edns_present; + uint8_t ext_rcode; + uint8_t edns_version; + uint16_t bits; + uint16_t udp_size; + struct edns_option* opt_list; }; %inline %{ struct edns_option** _edns_data_opt_list_get(struct edns_data* edns) { @@ -564,49 +564,48 @@ struct edns_data { Structure module_env * ************************************************************************************ */ struct module_env { - struct config_file* cfg; - struct slabhash* msg_cache; - struct rrset_cache* rrset_cache; - struct infra_cache* infra_cache; - struct key_cache* key_cache; - - /* --- services --- */ - struct outbound_entry* (*send_query)(struct query_info* qinfo, - uint16_t flags, int dnssec, int want_dnssec, int nocaps, - struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, int ssl_upstream, - struct module_qstate* q); - void (*detach_subs)(struct module_qstate* qstate); - int (*attach_sub)(struct module_qstate* qstate, - struct query_info* qinfo, uint16_t qflags, int prime, - int valrec, struct module_qstate** newq); - void (*kill_sub)(struct module_qstate* newq); - int (*detect_cycle)(struct module_qstate* qstate, - struct query_info* qinfo, uint16_t flags, int prime, - int valrec); - - struct regional* scratch; - struct sldns_buffer* scratch_buffer; - struct worker* worker; - struct mesh_area* mesh; - struct alloc_cache* alloc; - struct ub_randstate* rnd; - time_t* now; - struct timeval* now_tv; - int need_to_validate; - struct val_anchors* anchors; - struct val_neg_cache* neg_cache; - struct comm_timer* probe_timer; - struct iter_forwards* fwds; - struct iter_hints* hints; - void* modinfo[MAX_MODULE]; - - void* inplace_cb_lists[inplace_cb_types_total]; - struct edns_known_option* edns_known_options; - size_t edns_known_options_num; + struct config_file* cfg; + struct slabhash* msg_cache; + struct rrset_cache* rrset_cache; + struct infra_cache* infra_cache; + struct key_cache* key_cache; + + /* --- services --- */ + struct outbound_entry* (*send_query)(struct query_info* qinfo, + uint16_t flags, int dnssec, int want_dnssec, int nocaps, + struct sockaddr_storage* addr, socklen_t addrlen, + uint8_t* zone, size_t zonelen, int ssl_upstream, + struct module_qstate* q); + void (*detach_subs)(struct module_qstate* qstate); + int (*attach_sub)(struct module_qstate* qstate, + struct query_info* qinfo, uint16_t qflags, int prime, + int valrec, struct module_qstate** newq); + void (*kill_sub)(struct module_qstate* newq); + int (*detect_cycle)(struct module_qstate* qstate, + struct query_info* qinfo, uint16_t flags, int prime, + int valrec); + + struct regional* scratch; + struct sldns_buffer* scratch_buffer; + struct worker* worker; + struct mesh_area* mesh; + struct alloc_cache* alloc; + struct ub_randstate* rnd; + time_t* now; + struct timeval* now_tv; + int need_to_validate; + struct val_anchors* anchors; + struct val_neg_cache* neg_cache; + struct comm_timer* probe_timer; + struct iter_forwards* fwds; + struct iter_hints* hints; + void* modinfo[MAX_MODULE]; + + void* inplace_cb_lists[inplace_cb_types_total]; + struct edns_known_option* edns_known_options; + size_t edns_known_options_num; }; - /* ************************************************************************************ * Structure module_qstate * ************************************************************************************ */ @@ -710,14 +709,14 @@ struct module_qstate { enum module_ext_state _ext_state_get(struct module_qstate* q, int idx) { if ((q != NULL) && (idx >= 0) && (idx < MAX_MODULE)) { return q->ext_state[idx]; - } + } return 0; } void _ext_state_set(struct module_qstate* q, int idx, enum module_ext_state state) { if ((q != NULL) && (idx >= 0) && (idx < MAX_MODULE)) { q->ext_state[idx] = state; - } + } } int edns_opt_list_is_empty(struct edns_option** opt) { @@ -789,7 +788,7 @@ struct module_qstate { %} } -/* ************************************************************************************ * +/* ************************************************************************************ * Structure config_strlist * ************************************************************************************ */ struct config_strlist { @@ -797,7 +796,7 @@ struct config_strlist { char* str; }; -/* ************************************************************************************ * +/* ************************************************************************************ * Structure config_str2list * ************************************************************************************ */ struct config_str2list { @@ -806,7 +805,7 @@ struct config_str2list { char* str2; }; -/* ************************************************************************************ * +/* ************************************************************************************ * Structure config_file * ************************************************************************************ */ struct config_file { @@ -873,7 +872,7 @@ struct config_file { struct config_strlist* dlv_anchor_list; int max_ttl; int32_t val_date_override; - int bogus_ttl; + int bogus_ttl; int val_clean_additional; int val_permissive_mode; char* val_nsec3_key_iterations; @@ -894,7 +893,7 @@ struct config_file { char* python_script; }; -/* ************************************************************************************ * +/* ************************************************************************************ * ASN: Adding structures related to forwards_lookup and dns_cache_find_delegation * ************************************************************************************ */ struct delegpt_ns { @@ -932,7 +931,7 @@ struct delegpt { %inline %{ PyObject* _get_dp_dname(struct delegpt* dp) { return PyBytes_FromStringAndSize((char*)dp->name, dp->namelen); - } + } PyObject* _get_dp_dname_components(struct delegpt* dp) { return GetNameAsLabelList((char*)dp->name, dp->namelen); } @@ -987,7 +986,7 @@ struct delegpt { %} } -/* ************************************************************************************ * +/* ************************************************************************************ * Enums * ************************************************************************************ */ %rename ("MODULE_STATE_INITIAL") "module_state_initial"; @@ -1040,6 +1039,26 @@ enum verbosity_value { VERB_ALGO }; +enum inplace_cb_list_type { + /* Inplace callbacks for when a resolved reply is ready to be sent to the + * front.*/ + inplace_cb_reply = 0, + /* Inplace callbacks for when a reply is given from the cache. */ + inplace_cb_reply_cache, + /* Inplace callbacks for when a reply is given with local data + * (or Chaos reply). */ + inplace_cb_reply_local, + /* Inplace callbacks for when the reply is servfail. */ + inplace_cb_reply_servfail, + /* Inplace callbacks for when a query is ready to be sent to the back.*/ + inplace_cb_query, + /* Inplace callback for when a reply is received from the back. */ + inplace_cb_edns_back_parsed, + /* Total number of types. Used for array initialization. + * Should always be last. */ + inplace_cb_types_total +}; + %constant uint16_t PKT_QR = 1; /* QueRy - query flag */ %constant uint16_t PKT_AA = 2; /* Authoritative Answer - server flag */ %constant uint16_t PKT_TC = 4; /* TrunCated - server flag */ @@ -1049,17 +1068,17 @@ enum verbosity_value { %constant uint16_t PKT_AD = 64; /* Authenticated Data - server flag */ %{ -int checkList(PyObject *l) +int checkList(PyObject *l) { PyObject* item; int i; - if (l == Py_None) + if (l == Py_None) return 1; - if (PyList_Check(l)) + if (PyList_Check(l)) { - for (i=0; i < PyList_Size(l); i++) + for (i=0; i < PyList_Size(l); i++) { item = PyList_GetItem(l, i); if (!PyBytes_Check(item)) @@ -1078,7 +1097,7 @@ int pushRRList(sldns_buffer* qb, PyObject *l, uint32_t default_ttl, int qsec, int i; size_t len; - for (i=0; i < PyList_Size(l); i++) + for (i=0; i < PyList_Size(l); i++) { item = PyList_GetItem(l, i); @@ -1102,9 +1121,9 @@ int pushRRList(sldns_buffer* qb, PyObject *l, uint32_t default_ttl, int qsec, return 1; } -int set_return_msg(struct module_qstate* qstate, +int set_return_msg(struct module_qstate* qstate, const char* rr_name, sldns_rr_type rr_type, sldns_rr_class rr_class , uint16_t flags, uint32_t default_ttl, - PyObject* question, PyObject* answer, PyObject* authority, PyObject* additional) + PyObject* question, PyObject* answer, PyObject* authority, PyObject* additional) { sldns_buffer *qb = 0; int res = 1; @@ -1116,7 +1135,7 @@ int set_return_msg(struct module_qstate* qstate, uint16_t PKT_CD = 16; uint16_t PKT_RA = 32; uint16_t PKT_AD = 64; - + if ((!checkList(question)) || (!checkList(answer)) || (!checkList(authority)) || (!checkList(additional))) return 0; if ((qb = sldns_buffer_new(LDNS_RR_BUF_SIZE)) == 0) return 0; @@ -1165,7 +1184,7 @@ int set_return_msg(struct module_qstate* qstate, } %} -int set_return_msg(struct module_qstate* qstate, +int set_return_msg(struct module_qstate* qstate, const char* rr_name, int rr_type, int rr_class , uint16_t flags, uint32_t default_ttl, PyObject* question, PyObject* answer, PyObject* authority, PyObject* additional); @@ -1185,17 +1204,17 @@ int set_return_msg(struct module_qstate* qstate, def set_return_msg(self, qstate): """Returns 1 if OK""" - status = _unboundmodule.set_return_msg(qstate, self.rr_name, self.rr_type, self.rr_class, + status = _unboundmodule.set_return_msg(qstate, self.rr_name, self.rr_type, self.rr_class, self.query_flags, self.default_ttl, self.question, self.answer, self.authority, self.additional) if (status) and (PKT_AA & self.query_flags): qstate.return_msg.rep.authoritative = 1 - return status + return status %} -/* ************************************************************************************ * +/* ************************************************************************************ * ASN: Delegation pointer related functions * ************************************************************************************ */ @@ -1254,7 +1273,7 @@ struct delegpt* find_delegation(struct module_qstate* qstate, char *nm, size_t n } %} -/* ************************************************************************************ * +/* ************************************************************************************ * Functions * ************************************************************************************ */ /****************************** @@ -1346,7 +1365,7 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, int python_inplace_cb_reply_generic(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct regional* region, void* python_callback) + struct regional* region, int id, void* python_callback) { PyObject *func, *py_edns, *py_qstate, *py_opt_list_out, *py_qinfo; PyObject *py_rep, *py_region; @@ -1379,56 +1398,49 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, return res; } - /* Swig implementations for Python */ - static int register_inplace_cb_reply(PyObject* py_cb, - struct module_env* env) + /* register a callback */ + static int python_inplace_cb_register(enum inplace_cb_list_type type, + PyObject* py_cb, struct module_env* env, int id) { - int ret = inplace_cb_reply_register( - python_inplace_cb_reply_generic, (void*) py_cb, env); + int ret = inplace_cb_register(python_inplace_cb_reply_generic, + type, (void*) py_cb, env, id); if (ret) Py_INCREF(py_cb); return ret; } + + /* Swig implementations for Python */ + static int register_inplace_cb_reply(PyObject* py_cb, + struct module_env* env, int id) + { + return python_inplace_cb_register(inplace_cb_reply, py_cb, env, id); + } static int register_inplace_cb_reply_cache(PyObject* py_cb, - struct module_env* env) + struct module_env* env, int id) { - int ret = inplace_cb_reply_cache_register( - python_inplace_cb_reply_generic, (void*) py_cb, env); - if (ret) Py_INCREF(py_cb); - return ret; + return python_inplace_cb_register(inplace_cb_reply_cache, py_cb, env, id); } static int register_inplace_cb_reply_local(PyObject* py_cb, - struct module_env* env) + struct module_env* env, int id) { - int ret = inplace_cb_reply_local_register( - python_inplace_cb_reply_generic, (void*) py_cb, env); - if (ret) Py_INCREF(py_cb); - return ret; + return python_inplace_cb_register(inplace_cb_reply_local, py_cb, env, id); } static int register_inplace_cb_reply_servfail(PyObject* py_cb, - struct module_env* env) + struct module_env* env, int id) { - int ret = inplace_cb_reply_servfail_register( - python_inplace_cb_reply_generic, (void*) py_cb, env); - if (ret) Py_INCREF(py_cb); - return ret; + return python_inplace_cb_register(inplace_cb_reply_servfail, + py_cb, env, id); } %} /* C declarations */ -int inplace_cb_reply_register( - inplace_cb_reply_func_type* cb, void* cb_arg, struct module_env* env); -int inplace_cb_reply_cache_register( - inplace_cb_reply_func_type* cb, void* cb_arg, struct module_env* env); -int inplace_cb_reply_local_register( - inplace_cb_reply_func_type* cb, void* cb_arg, struct module_env* env); -int inplace_cb_reply_servfail_register( - inplace_cb_reply_func_type* cb, void* cb_arg, struct module_env* env); +int inplace_cb_register(void* cb, enum inplace_cb_list_type type, void* cbarg, + struct module_env* env, int id); /* Swig declarations */ static int register_inplace_cb_reply(PyObject* py_cb, - struct module_env* env); + struct module_env* env, int id); static int register_inplace_cb_reply_cache(PyObject* py_cb, - struct module_env* env); + struct module_env* env, int id); static int register_inplace_cb_reply_local(PyObject* py_cb, - struct module_env* env); + struct module_env* env, int id); static int register_inplace_cb_reply_servfail(PyObject* py_cb, - struct module_env* env); + struct module_env* env, int id); diff --git a/pythonmod/pythonmod.c b/pythonmod/pythonmod.c index 92e09dcacfaf..dde7e54b246a 100644 --- a/pythonmod/pythonmod.c +++ b/pythonmod/pythonmod.c @@ -1,22 +1,22 @@ /* * pythonmod.c: unbound module C wrapper - * + * * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) * Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) * * This software is open source. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * * Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. - * + * * * Neither the name of the organization nor the names of its * contributors may be used to endorse or promote products derived from this * software without specific prior written permission. @@ -63,7 +63,7 @@ typedef void* PyGILState_STATE; #endif /** - * Global state for the module. + * Global state for the module. */ struct pythonmod_env { @@ -117,7 +117,7 @@ int pythonmod_init(struct module_env* env, int id) int init_standard = 1; struct pythonmod_env* pe = (struct pythonmod_env*)calloc(1, sizeof(struct pythonmod_env)); - if (!pe) + if (!pe) { log_err("pythonmod: malloc failure"); return 0; @@ -133,7 +133,7 @@ int pythonmod_init(struct module_env* env, int id) } /* Initialize Python libraries */ - if (!Py_IsInitialized()) + if (!Py_IsInitialized()) { #if PY_MAJOR_VERSION >= 3 wchar_t progname[8]; @@ -169,13 +169,13 @@ int pythonmod_init(struct module_env* env, int id) PyRun_SimpleString("sys.path.append(distutils.sysconfig.get_python_lib(1,0)) \n"); if (PyRun_SimpleString("from unboundmodule import *\n") < 0) { - log_err("pythonmod: cannot initialize core module: unboundmodule.py"); + log_err("pythonmod: cannot initialize core module: unboundmodule.py"); PyGILState_Release(gil); return 0; } /* Check Python file load */ - if ((script_py = fopen(pe->fname, "r")) == NULL) + if ((script_py = fopen(pe->fname, "r")) == NULL) { log_err("pythonmod: can't open file %s for reading", pe->fname); PyGILState_Release(gil); @@ -190,8 +190,8 @@ int pythonmod_init(struct module_env* env, int id) PyModule_AddObject(pe->module, "mod_env", pe->data); /* TODO: deallocation of pe->... if an error occurs */ - - if (PyRun_SimpleFile(script_py, pe->fname) < 0) + + if (PyRun_SimpleFile(script_py, pe->fname) < 0) { log_err("pythonmod: can't parse Python script %s", pe->fname); PyGILState_Release(gil); @@ -203,26 +203,26 @@ int pythonmod_init(struct module_env* env, int id) if ((pe->func_init = PyDict_GetItemString(pe->dict, "init_standard")) == NULL) { init_standard = 0; - if ((pe->func_init = PyDict_GetItemString(pe->dict, "init")) == NULL) + if ((pe->func_init = PyDict_GetItemString(pe->dict, "init")) == NULL) { log_err("pythonmod: function init is missing in %s", pe->fname); PyGILState_Release(gil); return 0; } } - if ((pe->func_deinit = PyDict_GetItemString(pe->dict, "deinit")) == NULL) + if ((pe->func_deinit = PyDict_GetItemString(pe->dict, "deinit")) == NULL) { log_err("pythonmod: function deinit is missing in %s", pe->fname); PyGILState_Release(gil); return 0; } - if ((pe->func_operate = PyDict_GetItemString(pe->dict, "operate")) == NULL) + if ((pe->func_operate = PyDict_GetItemString(pe->dict, "operate")) == NULL) { log_err("pythonmod: function operate is missing in %s", pe->fname); PyGILState_Release(gil); return 0; } - if ((pe->func_inform = PyDict_GetItemString(pe->dict, "inform_super")) == NULL) + if ((pe->func_inform = PyDict_GetItemString(pe->dict, "inform_super")) == NULL) { log_err("pythonmod: function inform_super is missing in %s", pe->fname); PyGILState_Release(gil); @@ -239,7 +239,7 @@ int pythonmod_init(struct module_env* env, int id) SWIGTYPE_p_config_file, 0); } res = PyObject_CallFunction(pe->func_init, "iO", id, py_init_arg); - if (PyErr_Occurred()) + if (PyErr_Occurred()) { log_err("pythonmod: Exception occurred in function init"); PyErr_Print(); @@ -304,20 +304,20 @@ void pythonmod_inform_super(struct module_qstate* qstate, int id, struct module_ py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); py_sqstate = SWIG_NewPointerObj((void*) super, SWIGTYPE_p_module_qstate, 0); - res = PyObject_CallFunction(pe->func_inform, "iOOO", id, py_qstate, + res = PyObject_CallFunction(pe->func_inform, "iOOO", id, py_qstate, py_sqstate, pq->data); - if (PyErr_Occurred()) + if (PyErr_Occurred()) { log_err("pythonmod: Exception occurred in function inform_super"); PyErr_Print(); qstate->ext_state[id] = module_error; - } - else if ((res == NULL) || (!PyObject_IsTrue(res))) + } + else if ((res == NULL) || (!PyObject_IsTrue(res))) { log_err("pythonmod: python returned bad code in inform_super"); qstate->ext_state[id] = module_error; - } + } Py_XDECREF(res); Py_XDECREF(py_sqstate); @@ -326,7 +326,7 @@ void pythonmod_inform_super(struct module_qstate* qstate, int id, struct module_ PyGILState_Release(gil); } -void pythonmod_operate(struct module_qstate* qstate, enum module_ev event, +void pythonmod_operate(struct module_qstate* qstate, enum module_ev event, int id, struct outbound_entry* ATTR_UNUSED(outbound)) { struct pythonmod_env* pe = (struct pythonmod_env*)qstate->env->modinfo[id]; @@ -335,10 +335,10 @@ void pythonmod_operate(struct module_qstate* qstate, enum module_ev event, PyGILState_STATE gil = PyGILState_Ensure(); if ( pq == NULL) - { + { /* create qstate */ pq = qstate->minfo[id] = malloc(sizeof(struct pythonmod_qstate)); - + /* Initialize per query data */ pq->data = Py_None; Py_INCREF(pq->data); @@ -346,19 +346,19 @@ void pythonmod_operate(struct module_qstate* qstate, enum module_ev event, /* Call operate */ py_qstate = SWIG_NewPointerObj((void*) qstate, SWIGTYPE_p_module_qstate, 0); - res = PyObject_CallFunction(pe->func_operate, "iiOO", id, (int) event, + res = PyObject_CallFunction(pe->func_operate, "iiOO", id, (int) event, py_qstate, pq->data); - if (PyErr_Occurred()) + if (PyErr_Occurred()) { log_err("pythonmod: Exception occurred in function operate, event: %s", strmodulevent(event)); PyErr_Print(); qstate->ext_state[id] = module_error; - } - else if ((res == NULL) || (!PyObject_IsTrue(res))) + } + else if ((res == NULL) || (!PyObject_IsTrue(res))) { log_err("pythonmod: python returned bad code, event: %s", strmodulevent(event)); qstate->ext_state[id] = module_error; - } + } Py_XDECREF(res); Py_XDECREF(py_qstate); @@ -372,7 +372,7 @@ void pythonmod_clear(struct module_qstate* qstate, int id) return; pq = (struct pythonmod_qstate*)qstate->minfo[id]; - verbose(VERB_ALGO, "pythonmod: clear, id: %d, pq:%lX", id, + verbose(VERB_ALGO, "pythonmod: clear, id: %d, pq:%lX", id, (unsigned long int)pq); if(pq != NULL) { @@ -389,7 +389,7 @@ void pythonmod_clear(struct module_qstate* qstate, int id) size_t pythonmod_get_mem(struct module_env* env, int id) { struct pythonmod_env* pe = (struct pythonmod_env*)env->modinfo[id]; - verbose(VERB_ALGO, "pythonmod: get_mem, id: %d, pe:%lX", id, + verbose(VERB_ALGO, "pythonmod: get_mem, id: %d, pe:%lX", id, (unsigned long int)pe); if(!pe) return 0; @@ -397,11 +397,11 @@ size_t pythonmod_get_mem(struct module_env* env, int id) } /** - * The module function block + * The module function block */ static struct module_func_block pythonmod_block = { "python", - &pythonmod_init, &pythonmod_deinit, &pythonmod_operate, &pythonmod_inform_super, + &pythonmod_init, &pythonmod_deinit, &pythonmod_operate, &pythonmod_inform_super, &pythonmod_clear, &pythonmod_get_mem }; diff --git a/pythonmod/pythonmod.h b/pythonmod/pythonmod.h index 2386882de9c2..7c7c0e751c30 100644 --- a/pythonmod/pythonmod.h +++ b/pythonmod/pythonmod.h @@ -72,5 +72,5 @@ size_t pythonmod_get_mem(struct module_env* env, int id); int python_inplace_cb_reply_generic(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct regional* region, void* python_callback); + struct regional* region, int id, void* python_callback); #endif /* PYTHONMOD_H */ diff --git a/pythonmod/test-inplace_callbacks.py b/pythonmod/test-inplace_callbacks.conf index d7081faa616e..d7081faa616e 100644 --- a/pythonmod/test-inplace_callbacks.py +++ b/pythonmod/test-inplace_callbacks.conf diff --git a/respip/respip.c b/respip/respip.c new file mode 100644 index 000000000000..d7132511122a --- /dev/null +++ b/respip/respip.c @@ -0,0 +1,1179 @@ +/* + * respip/respip.c - filtering response IP module + */ + +/** + * \file + * + * This file contains a module that inspects a result of recursive resolution + * to see if any IP address record should trigger a special action. + * If applicable these actions can modify the original response. + */ +#include "config.h" + +#include "services/localzone.h" +#include "services/cache/dns.h" +#include "sldns/str2wire.h" +#include "util/config_file.h" +#include "util/fptr_wlist.h" +#include "util/module.h" +#include "util/net_help.h" +#include "util/regional.h" +#include "util/data/msgreply.h" +#include "util/storage/dnstree.h" +#include "respip/respip.h" +#include "services/view.h" +#include "sldns/rrdef.h" + +/** + * Conceptual set of IP addresses for response AAAA or A records that should + * trigger special actions. + */ +struct respip_set { + struct regional* region; + struct rbtree_type ip_tree; + char* const* tagname; /* shallow copy of tag names, for logging */ + int num_tags; /* number of tagname entries */ +}; + +/** An address span with response control information */ +struct resp_addr { + /** node in address tree */ + struct addr_tree_node node; + /** tag bitlist */ + uint8_t* taglist; + /** length of the taglist (in bytes) */ + size_t taglen; + /** action for this address span */ + enum respip_action action; + /** "local data" for this node */ + struct ub_packed_rrset_key* data; +}; + +/** Subset of resp_addr.node, used for inform-variant logging */ +struct respip_addr_info { + struct sockaddr_storage addr; + socklen_t addrlen; + int net; +}; + +/** Query state regarding the response-ip module. */ +enum respip_state { + /** + * The general state. Unless CNAME chasing takes place, all processing + * is completed in this state without any other asynchronous event. + */ + RESPIP_INIT = 0, + + /** + * A subquery for CNAME chasing is completed. + */ + RESPIP_SUBQUERY_FINISHED +}; + +/** Per query state for the response-ip module. */ +struct respip_qstate { + enum respip_state state; +}; + +struct respip_set* +respip_set_create(void) +{ + struct respip_set* set = calloc(1, sizeof(*set)); + if(!set) + return NULL; + set->region = regional_create(); + if(!set->region) { + free(set); + return NULL; + } + addr_tree_init(&set->ip_tree); + return set; +} + +void +respip_set_delete(struct respip_set* set) +{ + if(!set) + return; + regional_destroy(set->region); + free(set); +} + +struct rbtree_type* +respip_set_get_tree(struct respip_set* set) +{ + if(!set) + return NULL; + return &set->ip_tree; +} + +/** returns the node in the address tree for the specified netblock string; + * non-existent node will be created if 'create' is true */ +static struct resp_addr* +respip_find_or_create(struct respip_set* set, const char* ipstr, int create) +{ + struct resp_addr* node; + struct sockaddr_storage addr; + int net; + socklen_t addrlen; + + if(!netblockstrtoaddr(ipstr, 0, &addr, &addrlen, &net)) { + log_err("cannot parse netblock: '%s'", ipstr); + return NULL; + } + node = (struct resp_addr*)addr_tree_find(&set->ip_tree, &addr, addrlen, net); + if(!node && create) { + node = regional_alloc_zero(set->region, sizeof(*node)); + if(!node) { + log_err("out of memory"); + return NULL; + } + node->action = respip_none; + if(!addr_tree_insert(&set->ip_tree, &node->node, &addr, + addrlen, net)) { + /* We know we didn't find it, so this should be + * impossible. */ + log_warn("unexpected: duplicate address: %s", ipstr); + } + } + return node; +} + +static int +respip_tag_cfg(struct respip_set* set, const char* ipstr, + const uint8_t* taglist, size_t taglen) +{ + struct resp_addr* node; + + if(!(node=respip_find_or_create(set, ipstr, 1))) + return 0; + if(node->taglist) { + log_warn("duplicate response-address-tag for '%s', overridden.", + ipstr); + } + node->taglist = regional_alloc_init(set->region, taglist, taglen); + if(!node->taglist) { + log_err("out of memory"); + return 0; + } + node->taglen = taglen; + return 1; +} + +/** set action for the node specified by the netblock string */ +static int +respip_action_cfg(struct respip_set* set, const char* ipstr, + const char* actnstr) +{ + struct resp_addr* node; + enum respip_action action; + + if(!(node=respip_find_or_create(set, ipstr, 1))) + return 0; + if(node->action != respip_none) { + log_warn("duplicate response-ip action for '%s', overridden.", + ipstr); + } + if(strcmp(actnstr, "deny") == 0) + action = respip_deny; + else if(strcmp(actnstr, "redirect") == 0) + action = respip_redirect; + else if(strcmp(actnstr, "inform") == 0) + action = respip_inform; + else if(strcmp(actnstr, "inform_deny") == 0) + action = respip_inform_deny; + else if(strcmp(actnstr, "always_transparent") == 0) + action = respip_always_transparent; + else if(strcmp(actnstr, "always_refuse") == 0) + action = respip_always_refuse; + else if(strcmp(actnstr, "always_nxdomain") == 0) + action = respip_always_nxdomain; + else { + log_err("unknown response-ip action %s", actnstr); + return 0; + } + node->action = action; + return 1; +} + +/** allocate and initialize an rrset structure; this function is based + * on new_local_rrset() from the localzone.c module */ +static struct ub_packed_rrset_key* +new_rrset(struct regional* region, uint16_t rrtype, uint16_t rrclass) +{ + struct packed_rrset_data* pd; + struct ub_packed_rrset_key* rrset = regional_alloc_zero( + region, sizeof(*rrset)); + if(!rrset) { + log_err("out of memory"); + return NULL; + } + rrset->entry.key = rrset; + pd = regional_alloc_zero(region, sizeof(*pd)); + if(!pd) { + log_err("out of memory"); + return NULL; + } + pd->trust = rrset_trust_prim_noglue; + pd->security = sec_status_insecure; + rrset->entry.data = pd; + rrset->rk.dname = regional_alloc_zero(region, 1); + if(!rrset->rk.dname) { + log_err("out of memory"); + return NULL; + } + rrset->rk.dname_len = 1; + rrset->rk.type = htons(rrtype); + rrset->rk.rrset_class = htons(rrclass); + return rrset; +} + +/** enter local data as resource records into a response-ip node */ +static int +respip_enter_rr(struct regional* region, struct resp_addr* raddr, + const char* rrstr, const char* netblock) +{ + uint8_t* nm; + uint16_t rrtype = 0, rrclass = 0; + time_t ttl = 0; + uint8_t rr[LDNS_RR_BUF_SIZE]; + uint8_t* rdata = NULL; + size_t rdata_len = 0; + char buf[65536]; + char bufshort[64]; + struct packed_rrset_data* pd; + struct sockaddr* sa; + int ret; + if(raddr->action != respip_redirect) { + log_err("cannot parse response-ip-data %s: response-ip " + "action for %s is not redirect", rrstr, netblock); + return 0; + } + ret = snprintf(buf, sizeof(buf), ". %s", rrstr); + if(ret < 0 || ret >= (int)sizeof(buf)) { + strlcpy(bufshort, rrstr, sizeof(bufshort)); + log_err("bad response-ip-data: %s...", bufshort); + return 0; + } + if(!rrstr_get_rr_content(buf, &nm, &rrtype, &rrclass, &ttl, rr, sizeof(rr), + &rdata, &rdata_len)) { + log_err("bad response-ip-data: %s", rrstr); + return 0; + } + sa = (struct sockaddr*)&raddr->node.addr; + if (rrtype == LDNS_RR_TYPE_CNAME && raddr->data) { + log_err("CNAME response-ip data (%s) can not co-exist with other " + "response-ip data for netblock %s", rrstr, netblock); + return 0; + } else if (raddr->data && + raddr->data->rk.type == htons(LDNS_RR_TYPE_CNAME)) { + log_err("response-ip data (%s) can not be added; CNAME response-ip " + "data already in place for netblock %s", rrstr, netblock); + return 0; + } else if((rrtype != LDNS_RR_TYPE_CNAME) && + ((sa->sa_family == AF_INET && rrtype != LDNS_RR_TYPE_A) || + (sa->sa_family == AF_INET6 && rrtype != LDNS_RR_TYPE_AAAA))) { + log_err("response-ip data %s record type does not correspond " + "to netblock %s address family", rrstr, netblock); + return 0; + } + + if(!raddr->data) { + raddr->data = new_rrset(region, rrtype, rrclass); + if(!raddr->data) + return 0; + } + pd = raddr->data->entry.data; + return rrset_insert_rr(region, pd, rdata, rdata_len, ttl, rrstr); +} + +static int +respip_data_cfg(struct respip_set* set, const char* ipstr, const char* rrstr) +{ + struct resp_addr* node; + + node=respip_find_or_create(set, ipstr, 0); + if(!node || node->action == respip_none) { + log_err("cannot parse response-ip-data %s: " + "response-ip node for %s not found", rrstr, ipstr); + return 0; + } + return respip_enter_rr(set->region, node, rrstr, ipstr); +} + +static int +respip_set_apply_cfg(struct respip_set* set, char* const* tagname, int num_tags, + struct config_strbytelist* respip_tags, + struct config_str2list* respip_actions, + struct config_str2list* respip_data) +{ + struct config_strbytelist* p; + struct config_str2list* pa; + struct config_str2list* pd; + + set->tagname = tagname; + set->num_tags = num_tags; + + p = respip_tags; + while(p) { + struct config_strbytelist* np = p->next; + + log_assert(p->str && p->str2); + if(!respip_tag_cfg(set, p->str, p->str2, p->str2len)) { + config_del_strbytelist(p); + return 0; + } + free(p->str); + free(p->str2); + free(p); + p = np; + } + + pa = respip_actions; + while(pa) { + struct config_str2list* np = pa->next; + log_assert(pa->str && pa->str2); + if(!respip_action_cfg(set, pa->str, pa->str2)) { + config_deldblstrlist(pa); + return 0; + } + free(pa->str); + free(pa->str2); + free(pa); + pa = np; + } + + pd = respip_data; + while(pd) { + struct config_str2list* np = pd->next; + log_assert(pd->str && pd->str2); + if(!respip_data_cfg(set, pd->str, pd->str2)) { + config_deldblstrlist(pd); + return 0; + } + free(pd->str); + free(pd->str2); + free(pd); + pd = np; + } + + return 1; +} + +int +respip_global_apply_cfg(struct respip_set* set, struct config_file* cfg) +{ + int ret = respip_set_apply_cfg(set, cfg->tagname, cfg->num_tags, + cfg->respip_tags, cfg->respip_actions, cfg->respip_data); + cfg->respip_data = NULL; + cfg->respip_actions = NULL; + cfg->respip_tags = NULL; + return ret; +} + +/** Iterate through raw view data and apply the view-specific respip + * configuration; at this point we should have already seen all the views, + * so if any of the views that respip data refer to does not exist, that's + * an error. This additional iteration through view configuration data + * is expected to not have significant performance impact (or rather, its + * performance impact is not expected to be prohibitive in the configuration + * processing phase). + */ +int +respip_views_apply_cfg(struct views* vs, struct config_file* cfg, + int* have_view_respip_cfg) +{ + struct config_view* cv; + struct view* v; + int ret; + + for(cv = cfg->views; cv; cv = cv->next) { + + /** if no respip config for this view then there's + * nothing to do; note that even though respip data must go + * with respip action, we're checking for both here because + * we want to catch the case where the respip action is missing + * while the data is present */ + if(!cv->respip_actions && !cv->respip_data) + continue; + + if(!(v = views_find_view(vs, cv->name, 1))) { + log_err("view '%s' unexpectedly missing", cv->name); + return 0; + } + if(!v->respip_set) { + v->respip_set = respip_set_create(); + if(!v->respip_set) { + log_err("out of memory"); + lock_rw_unlock(&v->lock); + return 0; + } + } + ret = respip_set_apply_cfg(v->respip_set, NULL, 0, NULL, + cv->respip_actions, cv->respip_data); + lock_rw_unlock(&v->lock); + if(!ret) { + log_err("Error while applying respip configuration " + "for view '%s'", cv->name); + return 0; + } + *have_view_respip_cfg = (*have_view_respip_cfg || + v->respip_set->ip_tree.count); + cv->respip_actions = NULL; + cv->respip_data = NULL; + } + return 1; +} + +/** + * make a deep copy of 'key' in 'region'. + * This is largely derived from packed_rrset_copy_region() and + * packed_rrset_ptr_fixup(), but differs in the following points: + * + * - It doesn't assume all data in 'key' are in a contiguous memory region. + * Although that would be the case in most cases, 'key' can be passed from + * a lower-level module and it might not build the rrset to meet the + * assumption. In fact, an rrset specified as response-ip-data or generated + * in local_data_find_tag_datas() breaks the assumption. So it would be + * safer not to naively rely on the assumption. On the other hand, this + * function ensures the copied rrset data are in a contiguous region so + * that it won't cause a disruption even if an upper layer module naively + * assumes the memory layout. + * - It doesn't copy RRSIGs (if any) in 'key'. The rrset will be used in + * a reply that was already faked, so it doesn't make much sense to provide + * partial sigs even if they are valid themselves. + * - It doesn't adjust TTLs as it basically has to be a verbatim copy of 'key' + * just allocated in 'region' (the assumption is necessary TTL adjustment + * has been already done in 'key'). + * + * This function returns the copied rrset key on success, and NULL on memory + * allocation failure. + */ +struct ub_packed_rrset_key* +copy_rrset(const struct ub_packed_rrset_key* key, struct regional* region) +{ + struct ub_packed_rrset_key* ck = regional_alloc(region, + sizeof(struct ub_packed_rrset_key)); + struct packed_rrset_data* d; + struct packed_rrset_data* data = key->entry.data; + size_t dsize, i; + uint8_t* nextrdata; + + /* derived from packed_rrset_copy_region(), but don't use + * packed_rrset_sizeof() and do exclude RRSIGs */ + if(!ck) + return NULL; + ck->id = key->id; + memset(&ck->entry, 0, sizeof(ck->entry)); + ck->entry.hash = key->entry.hash; + ck->entry.key = ck; + ck->rk = key->rk; + ck->rk.dname = regional_alloc_init(region, key->rk.dname, + key->rk.dname_len); + if(!ck->rk.dname) + return NULL; + + dsize = sizeof(struct packed_rrset_data) + data->count * + (sizeof(size_t)+sizeof(uint8_t*)+sizeof(time_t)); + for(i=0; i<data->count; i++) + dsize += data->rr_len[i]; + d = regional_alloc(region, dsize); + if(!d) + return NULL; + *d = *data; + d->rrsig_count = 0; + ck->entry.data = d; + + /* derived from packed_rrset_ptr_fixup() with copying the data */ + d->rr_len = (size_t*)((uint8_t*)d + sizeof(struct packed_rrset_data)); + d->rr_data = (uint8_t**)&(d->rr_len[d->count]); + d->rr_ttl = (time_t*)&(d->rr_data[d->count]); + nextrdata = (uint8_t*)&(d->rr_ttl[d->count]); + for(i=0; i<d->count; i++) { + d->rr_len[i] = data->rr_len[i]; + d->rr_ttl[i] = data->rr_ttl[i]; + d->rr_data[i] = nextrdata; + memcpy(d->rr_data[i], data->rr_data[i], data->rr_len[i]); + nextrdata += d->rr_len[i]; + } + + return ck; +} + +int +respip_init(struct module_env* env, int id) +{ + (void)env; + (void)id; + return 1; +} + +void +respip_deinit(struct module_env* env, int id) +{ + (void)env; + (void)id; +} + +/** Convert a packed AAAA or A RRset to sockaddr. */ +static int +rdata2sockaddr(const struct packed_rrset_data* rd, uint16_t rtype, size_t i, + struct sockaddr_storage* ss, socklen_t* addrlenp) +{ + /* unbound can accept and cache odd-length AAAA/A records, so we have + * to validate the length. */ + if(rtype == LDNS_RR_TYPE_A && rd->rr_len[i] == 6) { + struct sockaddr_in* sa4 = (struct sockaddr_in*)ss; + + memset(sa4, 0, sizeof(*sa4)); + sa4->sin_family = AF_INET; + memcpy(&sa4->sin_addr, rd->rr_data[i] + 2, + sizeof(sa4->sin_addr)); + *addrlenp = sizeof(*sa4); + return 1; + } else if(rtype == LDNS_RR_TYPE_AAAA && rd->rr_len[i] == 18) { + struct sockaddr_in6* sa6 = (struct sockaddr_in6*)ss; + + memset(sa6, 0, sizeof(*sa6)); + sa6->sin6_family = AF_INET6; + memcpy(&sa6->sin6_addr, rd->rr_data[i] + 2, + sizeof(sa6->sin6_addr)); + *addrlenp = sizeof(*sa6); + return 1; + } + return 0; +} + +/** + * Search the given 'iptree' for response address information that matches + * any of the IP addresses in an AAAA or A in the answer section of the + * response (stored in 'rep'). If found, a pointer to the matched resp_addr + * structure will be returned, and '*rrset_id' is set to the index in + * rep->rrsets for the RRset that contains the matching IP address record + * (the index is normally 0, but can be larger than that if this is a CNAME + * chain or type-ANY response). + */ +static const struct resp_addr* +respip_addr_lookup(const struct reply_info *rep, struct rbtree_type* iptree, + size_t* rrset_id) +{ + size_t i; + struct resp_addr* ra; + struct sockaddr_storage ss; + socklen_t addrlen; + + for(i=0; i<rep->an_numrrsets; i++) { + size_t j; + const struct packed_rrset_data* rd; + uint16_t rtype = ntohs(rep->rrsets[i]->rk.type); + + if(rtype != LDNS_RR_TYPE_A && rtype != LDNS_RR_TYPE_AAAA) + continue; + rd = rep->rrsets[i]->entry.data; + for(j = 0; j < rd->count; j++) { + if(!rdata2sockaddr(rd, rtype, j, &ss, &addrlen)) + continue; + ra = (struct resp_addr*)addr_tree_lookup(iptree, &ss, + addrlen); + if(ra) { + *rrset_id = i; + return ra; + } + } + } + + return NULL; +} + +/* + * Create a new reply_info based on 'rep'. The new info is based on + * the passed 'rep', but ignores any rrsets except for the first 'an_numrrsets' + * RRsets in the answer section. These answer rrsets are copied to the + * new info, up to 'copy_rrsets' rrsets (which must not be larger than + * 'an_numrrsets'). If an_numrrsets > copy_rrsets, the remaining rrsets array + * entries will be kept empty so the caller can fill them later. When rrsets + * are copied, they are shallow copied. The caller must ensure that the + * copied rrsets are valid throughout its lifetime and must provide appropriate + * mutex if it can be shared by multiple threads. + */ +static struct reply_info * +make_new_reply_info(const struct reply_info* rep, struct regional* region, + size_t an_numrrsets, size_t copy_rrsets) +{ + struct reply_info* new_rep; + size_t i; + + /* create a base struct. we specify 'insecure' security status as + * the modified response won't be DNSSEC-valid. In our faked response + * the authority and additional sections will be empty (except possible + * EDNS0 OPT RR in the additional section appended on sending it out), + * so the total number of RRsets is an_numrrsets. */ + new_rep = construct_reply_info_base(region, rep->flags, + rep->qdcount, rep->ttl, rep->prefetch_ttl, an_numrrsets, + 0, 0, an_numrrsets, sec_status_insecure); + if(!new_rep) + return NULL; + if(!reply_info_alloc_rrset_keys(new_rep, NULL, region)) + return NULL; + for(i=0; i<copy_rrsets; i++) + new_rep->rrsets[i] = rep->rrsets[i]; + + return new_rep; +} + +/** + * See if response-ip or tag data should override the original answer rrset + * (which is rep->rrsets[rrset_id]) and if so override it. + * This is (mostly) equivalent to localzone.c:local_data_answer() but for + * response-ip actions. + * Note that this function distinguishes error conditions from "success but + * not overridden". This is because we want to avoid accidentally applying + * the "no data" action in case of error. + * @param raddr: address span that requires an action + * @param action: action to apply + * @param qtype: original query type + * @param rep: original reply message + * @param rrset_id: the rrset ID in 'rep' to which the action should apply + * @param new_repp: see respip_rewrite_reply + * @param tag: if >= 0 the tag ID used to determine the action and data + * @param tag_datas: data corresponding to 'tag'. + * @param tag_datas_size: size of 'tag_datas' + * @param tagname: array of tag names, used for logging + * @param num_tags: size of 'tagname', used for logging + * @param redirect_rrsetp: ptr to redirect record + * @param region: region for building new reply + * @return 1 if overridden, 0 if not overridden, -1 on error. + */ +static int +respip_data_answer(const struct resp_addr* raddr, enum respip_action action, + uint16_t qtype, const struct reply_info* rep, + size_t rrset_id, struct reply_info** new_repp, int tag, + struct config_strlist** tag_datas, size_t tag_datas_size, + char* const* tagname, int num_tags, + struct ub_packed_rrset_key** redirect_rrsetp, struct regional* region) +{ + struct ub_packed_rrset_key* rp = raddr->data; + struct reply_info* new_rep; + *redirect_rrsetp = NULL; + + if(action == respip_redirect && tag != -1 && + (size_t)tag<tag_datas_size && tag_datas[tag]) { + struct query_info dataqinfo; + struct ub_packed_rrset_key r; + + /* Extract parameters of the original answer rrset that can be + * rewritten below, in the form of query_info. Note that these + * can be different from the info of the original query if the + * rrset is a CNAME target.*/ + memset(&dataqinfo, 0, sizeof(dataqinfo)); + dataqinfo.qname = rep->rrsets[rrset_id]->rk.dname; + dataqinfo.qname_len = rep->rrsets[rrset_id]->rk.dname_len; + dataqinfo.qtype = ntohs(rep->rrsets[rrset_id]->rk.type); + dataqinfo.qclass = ntohs(rep->rrsets[rrset_id]->rk.rrset_class); + + memset(&r, 0, sizeof(r)); + if(local_data_find_tag_datas(&dataqinfo, tag_datas[tag], &r, + region)) { + verbose(VERB_ALGO, + "response-ip redirect with tag data [%d] %s", + tag, (tag<num_tags?tagname[tag]:"null")); + /* use copy_rrset() to 'normalize' memory layout */ + rp = copy_rrset(&r, region); + if(!rp) + return -1; + } + } + if(!rp) + return 0; + + /* If we are using response-ip-data, we need to make a copy of rrset + * to replace the rrset's dname. Note that, unlike local data, we + * rename the dname for other actions than redirect. This is because + * response-ip-data isn't associated to any specific name. */ + if(rp == raddr->data) { + rp = copy_rrset(rp, region); + if(!rp) + return -1; + rp->rk.dname = rep->rrsets[rrset_id]->rk.dname; + rp->rk.dname_len = rep->rrsets[rrset_id]->rk.dname_len; + } + + /* Build a new reply with redirect rrset. We keep any preceding CNAMEs + * and replace the address rrset that triggers the action. If it's + * type ANY query, however, no other answer records should be kept + * (note that it can't be a CNAME chain in this case due to + * sanitizing). */ + if(qtype == LDNS_RR_TYPE_ANY) + rrset_id = 0; + new_rep = make_new_reply_info(rep, region, rrset_id + 1, rrset_id); + if(!new_rep) + return -1; + rp->rk.flags |= PACKED_RRSET_FIXEDTTL; /* avoid adjusting TTL */ + new_rep->rrsets[rrset_id] = rp; + + *redirect_rrsetp = rp; + *new_repp = new_rep; + return 1; +} + +/** + * apply response ip action in case where no action data is provided. + * this is similar to localzone.c:lz_zone_answer() but simplified due to + * the characteristics of response ip: + * - 'deny' variants will be handled at the caller side + * - no specific processing for 'transparent' variants: unlike local zones, + * there is no such a case of 'no data but name existing'. so all variants + * just mean 'transparent if no data'. + * @param qtype: query type + * @param action: found action + * @param rep: + * @param new_repp + * @param rrset_id + * @param region: region for building new reply + * @return 1 on success, 0 on error. + */ +static int +respip_nodata_answer(uint16_t qtype, enum respip_action action, + const struct reply_info *rep, size_t rrset_id, + struct reply_info** new_repp, struct regional* region) +{ + struct reply_info* new_rep; + + if(action == respip_refuse || action == respip_always_refuse) { + new_rep = make_new_reply_info(rep, region, 0, 0); + if(!new_rep) + return 0; + FLAGS_SET_RCODE(new_rep->flags, LDNS_RCODE_REFUSED); + *new_repp = new_rep; + return 1; + } else if(action == respip_static || action == respip_redirect || + action == respip_always_nxdomain) { + /* Since we don't know about other types of the owner name, + * we generally return NOERROR/NODATA unless an NXDOMAIN action + * is explicitly specified. */ + int rcode = (action == respip_always_nxdomain)? + LDNS_RCODE_NXDOMAIN:LDNS_RCODE_NOERROR; + + /* We should empty the answer section except for any preceding + * CNAMEs (in that case rrset_id > 0). Type-ANY case is + * special as noted in respip_data_answer(). */ + if(qtype == LDNS_RR_TYPE_ANY) + rrset_id = 0; + new_rep = make_new_reply_info(rep, region, rrset_id, rrset_id); + if(!new_rep) + return 0; + FLAGS_SET_RCODE(new_rep->flags, rcode); + *new_repp = new_rep; + return 1; + } + + return 1; +} + +/** Populate action info structure with the results of response-ip action + * processing, iff as the result of response-ip processing we are actually + * taking some action. Only action is set if action_only is true. + * Returns true on success, false on failure. + */ +static int +populate_action_info(struct respip_action_info* actinfo, + enum respip_action action, const struct resp_addr* raddr, + const struct ub_packed_rrset_key* ATTR_UNUSED(rrset), + int ATTR_UNUSED(tag), const struct respip_set* ATTR_UNUSED(ipset), + int ATTR_UNUSED(action_only), struct regional* region) +{ + if(action == respip_none || !raddr) + return 1; + actinfo->action = action; + + /* for inform variants, make a copy of the matched address block for + * later logging. We make a copy to proactively avoid disruption if + * and when we allow a dynamic update to the respip tree. */ + if(action == respip_inform || action == respip_inform_deny) { + struct respip_addr_info* a = + regional_alloc_zero(region, sizeof(*a)); + if(!a) { + log_err("out of memory"); + return 0; + } + a->addr = raddr->node.addr; + a->addrlen = raddr->node.addrlen; + a->net = raddr->node.net; + actinfo->addrinfo = a; + } + + return 1; +} + +int +respip_rewrite_reply(const struct query_info* qinfo, + const struct respip_client_info* cinfo, const struct reply_info* rep, + struct reply_info** new_repp, struct respip_action_info* actinfo, + struct ub_packed_rrset_key** alias_rrset, int search_only, + struct regional* region) +{ + const uint8_t* ctaglist; + size_t ctaglen; + const uint8_t* tag_actions; + size_t tag_actions_size; + struct config_strlist** tag_datas; + size_t tag_datas_size; + struct view* view = NULL; + struct respip_set* ipset = NULL; + size_t rrset_id = 0; + enum respip_action action = respip_none; + int tag = -1; + const struct resp_addr* raddr = NULL; + int ret = 1; + struct ub_packed_rrset_key* redirect_rrset = NULL; + + if(!cinfo) + goto done; + ctaglist = cinfo->taglist; + ctaglen = cinfo->taglen; + tag_actions = cinfo->tag_actions; + tag_actions_size = cinfo->tag_actions_size; + tag_datas = cinfo->tag_datas; + tag_datas_size = cinfo->tag_datas_size; + view = cinfo->view; + ipset = cinfo->respip_set; + + /** Try to use response-ip config from the view first; use + * global response-ip config if we don't have the view or we don't + * have the matching per-view config (and the view allows the use + * of global data in this case). + * Note that we lock the view even if we only use view members that + * currently don't change after creation. This is for safety for + * future possible changes as the view documentation seems to expect + * any of its member can change in the view's lifetime. + * Note also that we assume 'view' is valid in this function, which + * should be safe (see unbound bug #1191) */ + if(view) { + lock_rw_rdlock(&view->lock); + if(view->respip_set) { + if((raddr = respip_addr_lookup(rep, + &view->respip_set->ip_tree, &rrset_id))) { + /** for per-view respip directives the action + * can only be direct (i.e. not tag-based) */ + action = raddr->action; + } + } + if(!raddr && !view->isfirst) + goto done; + } + if(!raddr && ipset && (raddr = respip_addr_lookup(rep, &ipset->ip_tree, + &rrset_id))) { + action = (enum respip_action)local_data_find_tag_action( + raddr->taglist, raddr->taglen, ctaglist, ctaglen, + tag_actions, tag_actions_size, + (enum localzone_type)raddr->action, &tag, + ipset->tagname, ipset->num_tags); + } + if(raddr && !search_only) { + int result = 0; + + /* first, see if we have response-ip or tag action for the + * action except for 'always' variants. */ + if(action != respip_always_refuse + && action != respip_always_transparent + && action != respip_always_nxdomain + && (result = respip_data_answer(raddr, action, + qinfo->qtype, rep, rrset_id, new_repp, tag, tag_datas, + tag_datas_size, ipset->tagname, ipset->num_tags, + &redirect_rrset, region)) < 0) { + ret = 0; + goto done; + } + + /* if no action data applied, take action specific to the + * action without data. */ + if(!result && !respip_nodata_answer(qinfo->qtype, action, rep, + rrset_id, new_repp, region)) { + ret = 0; + goto done; + } + } + done: + if(view) { + lock_rw_unlock(&view->lock); + } + if(ret) { + /* If we're redirecting the original answer to a + * CNAME, record the CNAME rrset so the caller can take + * the appropriate action. Note that we don't check the + * action type; it should normally be 'redirect', but it + * can be of other type when a data-dependent tag action + * uses redirect response-ip data. + */ + if(redirect_rrset && + redirect_rrset->rk.type == ntohs(LDNS_RR_TYPE_CNAME) && + qinfo->qtype != LDNS_RR_TYPE_ANY) + *alias_rrset = redirect_rrset; + /* on success, populate respip result structure */ + ret = populate_action_info(actinfo, action, raddr, + redirect_rrset, tag, ipset, search_only, region); + } + return ret; +} + +static int +generate_cname_request(struct module_qstate* qstate, + struct ub_packed_rrset_key* alias_rrset) +{ + struct module_qstate* subq = NULL; + struct query_info subqi; + + memset(&subqi, 0, sizeof(subqi)); + get_cname_target(alias_rrset, &subqi.qname, &subqi.qname_len); + if(!subqi.qname) + return 0; /* unexpected: not a valid CNAME RDATA */ + subqi.qtype = qstate->qinfo.qtype; + subqi.qclass = qstate->qinfo.qclass; + fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); + return (*qstate->env->attach_sub)(qstate, &subqi, BIT_RD, 0, 0, &subq); +} + +void +respip_operate(struct module_qstate* qstate, enum module_ev event, int id, + struct outbound_entry* outbound) +{ + struct respip_qstate* rq = (struct respip_qstate*)qstate->minfo[id]; + + log_query_info(VERB_QUERY, "respip operate: query", &qstate->qinfo); + (void)outbound; + + if(event == module_event_new || event == module_event_pass) { + if(!rq) { + rq = regional_alloc_zero(qstate->region, sizeof(*rq)); + if(!rq) + goto servfail; + rq->state = RESPIP_INIT; + qstate->minfo[id] = rq; + } + if(rq->state == RESPIP_SUBQUERY_FINISHED) { + qstate->ext_state[id] = module_finished; + return; + } + verbose(VERB_ALGO, "respip: pass to next module"); + qstate->ext_state[id] = module_wait_module; + } else if(event == module_event_moddone) { + /* If the reply may be subject to response-ip rewriting + * according to the query type, check the actions. If a + * rewrite is necessary, we'll replace the reply in qstate + * with the new one. */ + enum module_ext_state next_state = module_finished; + + if((qstate->qinfo.qtype == LDNS_RR_TYPE_A || + qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA || + qstate->qinfo.qtype == LDNS_RR_TYPE_ANY) && + qstate->return_msg && qstate->return_msg->rep) { + struct respip_action_info actinfo = {respip_none, NULL}; + struct reply_info* new_rep = qstate->return_msg->rep; + struct ub_packed_rrset_key* alias_rrset = NULL; + + if(!respip_rewrite_reply(&qstate->qinfo, + qstate->client_info, qstate->return_msg->rep, + &new_rep, &actinfo, &alias_rrset, 0, + qstate->region)) { + goto servfail; + } + if(actinfo.action != respip_none) { + /* save action info for logging on a + * per-front-end-query basis */ + if(!(qstate->respip_action_info = + regional_alloc_init(qstate->region, + &actinfo, sizeof(actinfo)))) + { + log_err("out of memory"); + goto servfail; + } + } else { + qstate->respip_action_info = NULL; + } + if (new_rep == qstate->return_msg->rep && + (actinfo.action == respip_deny || + actinfo.action == respip_inform_deny)) { + /* for deny-variant actions (unless response-ip + * data is applied), mark the query state so + * the response will be dropped for all + * clients. */ + qstate->is_drop = 1; + } else if(alias_rrset) { + if(!generate_cname_request(qstate, alias_rrset)) + goto servfail; + next_state = module_wait_subquery; + } + qstate->return_msg->rep = new_rep; + } + qstate->ext_state[id] = next_state; + } else + qstate->ext_state[id] = module_finished; + + return; + + servfail: + qstate->return_rcode = LDNS_RCODE_SERVFAIL; + qstate->return_msg = NULL; +} + +int +respip_merge_cname(struct reply_info* base_rep, + const struct query_info* qinfo, const struct reply_info* tgt_rep, + const struct respip_client_info* cinfo, int must_validate, + struct reply_info** new_repp, struct regional* region) +{ + struct reply_info* new_rep; + struct reply_info* tmp_rep = NULL; /* just a placeholder */ + struct ub_packed_rrset_key* alias_rrset = NULL; /* ditto */ + uint16_t tgt_rcode; + size_t i, j; + struct respip_action_info actinfo = {respip_none, NULL}; + + /* If the query for the CNAME target would result in an unusual rcode, + * we generally translate it as a failure for the base query + * (which would then be translated into SERVFAIL). The only exception + * is NXDOMAIN and YXDOMAIN, which are passed to the end client(s). + * The YXDOMAIN case would be rare but still possible (when + * DNSSEC-validated DNAME has been cached but synthesizing CNAME + * can't be generated due to length limitation) */ + tgt_rcode = FLAGS_GET_RCODE(tgt_rep->flags); + if((tgt_rcode != LDNS_RCODE_NOERROR && + tgt_rcode != LDNS_RCODE_NXDOMAIN && + tgt_rcode != LDNS_RCODE_YXDOMAIN) || + (must_validate && tgt_rep->security <= sec_status_bogus)) { + return 0; + } + + /* see if the target reply would be subject to a response-ip action. */ + if(!respip_rewrite_reply(qinfo, cinfo, tgt_rep, &tmp_rep, &actinfo, + &alias_rrset, 1, region)) + return 0; + if(actinfo.action != respip_none) { + log_info("CNAME target of redirect response-ip action would " + "be subject to response-ip action, too; stripped"); + *new_repp = base_rep; + return 1; + } + + /* Append target reply to the base. Since we cannot assume + * tgt_rep->rrsets is valid throughout the lifetime of new_rep + * or it can be safely shared by multiple threads, we need to make a + * deep copy. */ + new_rep = make_new_reply_info(base_rep, region, + base_rep->an_numrrsets + tgt_rep->an_numrrsets, + base_rep->an_numrrsets); + if(!new_rep) + return 0; + for(i=0,j=base_rep->an_numrrsets; i<tgt_rep->an_numrrsets; i++,j++) { + new_rep->rrsets[j] = copy_rrset(tgt_rep->rrsets[i], region); + if(!new_rep->rrsets[j]) + return 0; + } + + FLAGS_SET_RCODE(new_rep->flags, tgt_rcode); + *new_repp = new_rep; + return 1; +} + +void +respip_inform_super(struct module_qstate* qstate, int id, + struct module_qstate* super) +{ + struct respip_qstate* rq = (struct respip_qstate*)super->minfo[id]; + struct reply_info* new_rep = NULL; + + rq->state = RESPIP_SUBQUERY_FINISHED; + + /* respip subquery should have always been created with a valid reply + * in super. */ + log_assert(super->return_msg && super->return_msg->rep); + + /* return_msg can be NULL when, e.g., the sub query resulted in + * SERVFAIL, in which case we regard it as a failure of the original + * query. Other checks are probably redundant, but we check them + * for safety. */ + if(!qstate->return_msg || !qstate->return_msg->rep || + qstate->return_rcode != LDNS_RCODE_NOERROR) + goto fail; + + if(!respip_merge_cname(super->return_msg->rep, &qstate->qinfo, + qstate->return_msg->rep, super->client_info, + super->env->need_to_validate, &new_rep, super->region)) + goto fail; + super->return_msg->rep = new_rep; + return; + + fail: + super->return_rcode = LDNS_RCODE_SERVFAIL; + super->return_msg = NULL; + return; +} + +void +respip_clear(struct module_qstate* qstate, int id) +{ + qstate->minfo[id] = NULL; +} + +size_t +respip_get_mem(struct module_env* env, int id) +{ + (void)env; + (void)id; + return 0; +} + +/** + * The response-ip function block + */ +static struct module_func_block respip_block = { + "respip", + &respip_init, &respip_deinit, &respip_operate, &respip_inform_super, + &respip_clear, &respip_get_mem +}; + +struct module_func_block* +respip_get_funcblock(void) +{ + return &respip_block; +} + +enum respip_action +resp_addr_get_action(const struct resp_addr* addr) +{ + return addr ? addr->action : respip_none; +} + +struct ub_packed_rrset_key* +resp_addr_get_rrset(struct resp_addr* addr) +{ + return addr ? addr->data : NULL; +} + +int +respip_set_is_empty(const struct respip_set* set) +{ + return set ? set->ip_tree.count == 0 : 1; +} + +void +respip_inform_print(struct respip_addr_info* respip_addr, uint8_t* qname, + uint16_t qtype, uint16_t qclass, struct local_rrset* local_alias, + struct comm_reply* repinfo) +{ + char srcip[128], respip[128], txt[512]; + unsigned port; + + if(local_alias) + qname = local_alias->rrset->rk.dname; + port = (unsigned)((repinfo->addr.ss_family == AF_INET) ? + ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port) : + ntohs(((struct sockaddr_in6*)&repinfo->addr)->sin6_port)); + addr_to_str(&repinfo->addr, repinfo->addrlen, srcip, sizeof(srcip)); + addr_to_str(&respip_addr->addr, respip_addr->addrlen, + respip, sizeof(respip)); + snprintf(txt, sizeof(txt), "%s/%d inform %s@%u", respip, + respip_addr->net, srcip, port); + log_nametypeclass(0, txt, qname, qtype, qclass); +} diff --git a/respip/respip.h b/respip/respip.h new file mode 100644 index 000000000000..01309caece51 --- /dev/null +++ b/respip/respip.h @@ -0,0 +1,230 @@ +/* + * respip/respip.h - IP-based response modification module + */ + +/** + * \file + * + * This file contains a module that selectively modifies query responses + * based on their AAAA/A IP addresses. + */ + +#ifndef RESPIP_RESPIP_H +#define RESPIP_RESPIP_H + +#include "util/module.h" +#include "services/localzone.h" + +/** + * Set of response IP addresses with associated actions and tags. + * Forward declaration only here. Actual definition is hidden within the + * module. + */ +struct respip_set; + +/** + * Forward declaration for the structure that represents a node in the + * respip_set address tree + */ +struct resp_addr; + +/** + * Forward declaration for the structure that represents a tree of view data. + */ +struct views; + +struct respip_addr_info; + +/** + * Client-specific attributes that can affect IP-based actions. + * This is essentially a subset of acl_addr (except for respip_set) but + * defined as a separate structure to avoid dependency on the daemon-specific + * structure. + * respip_set is supposed to refer to the response-ip set for the global view. + */ +struct respip_client_info { + uint8_t* taglist; + size_t taglen; + uint8_t* tag_actions; + size_t tag_actions_size; + struct config_strlist** tag_datas; + size_t tag_datas_size; + struct view* view; + struct respip_set* respip_set; +}; + +/** + * Data items representing the result of response-ip processing. + * Note: this structure currently only define a few members, but exists + * as a separate struct mainly for the convenience of custom extensions. + */ +struct respip_action_info { + enum respip_action action; + struct respip_addr_info* addrinfo; /* set only for inform variants */ +}; + +/** + * Forward declaration for the structure that represents a node in the + * respip_set address tree + */ +struct resp_addr; + +/** + * Create response IP set. + * @return new struct or NULL on error. + */ +struct respip_set* respip_set_create(void); + +/** + * Delete response IP set. + * @param set: to delete. + */ +void respip_set_delete(struct respip_set* set); + +/** + * Apply response-ip config settings to the global (default) view. + * It assumes exclusive access to set (no internal locks). + * @param set: processed global respip config data + * @param cfg: config data. + * @return 1 on success, 0 on error. + */ +int respip_global_apply_cfg(struct respip_set* set, struct config_file* cfg); + +/** + * Apply response-ip config settings in named views. + * @param vs: view structures with processed config data + * @param cfg: config data. + * @param have_view_respip_cfg: set to true if any named view has respip + * configuration; otherwise set to false + * @return 1 on success, 0 on error. + */ +int respip_views_apply_cfg(struct views* vs, struct config_file* cfg, + int* have_view_respip_cfg); + +/** + * Merge two replies to build a complete CNAME chain. + * It appends the content of 'tgt_rep' to 'base_rep', assuming (but not + * checking) the former ends with a CNAME and the latter resolves its target. + * A merged new reply will be built using 'region' and *new_repp will point + * to the new one on success. + * If the target reply would also be subject to a response-ip action for + * 'cinfo', this function uses 'base_rep' as the merged reply, ignoring + * 'tgt_rep'. This is for avoiding cases like a CNAME loop or failure of + * applying an action to an address. + * RRSIGs in 'tgt_rep' will be excluded in the merged reply, as the resulting + * reply is assumed to be faked due to a response-ip action and can't be + * considered secure in terms of DNSSEC. + * The caller must ensure that neither 'base_rep' nor 'tgt_rep' can be modified + * until this function returns. + * @param base_rep: the reply info containing an incomplete CNAME. + * @param qinfo: query info corresponding to 'base_rep'. + * @param tgt_rep: the reply info that completes the CNAME chain. + * @param cinfo: client info corresponding to 'base_rep'. + * @param must_validate: whether 'tgt_rep' must be DNSSEC-validated. + * @param new_repp: pointer placeholder for the merged reply. will be intact + * on error. + * @param region: allocator to build *new_repp. + * @return 1 on success, 0 on error. + */ +int respip_merge_cname(struct reply_info* base_rep, + const struct query_info* qinfo, const struct reply_info* tgt_rep, + const struct respip_client_info* cinfo, int must_validate, + struct reply_info** new_repp, struct regional* region); + +/** + * See if any IP-based action should apply to any IP address of AAAA/A answer + * record in the reply. If so, apply the action. In some cases it rewrites + * the reply rrsets, in which case *new_repp will point to the updated reply + * info. Depending on the action, some of the rrsets in 'rep' will be + * shallow-copied into '*new_repp'; the caller must ensure that the rrsets + * in 'rep' are valid throughout the lifetime of *new_repp, and it must + * provide appropriate mutex if the rrsets can be shared by multiple threads. + * @param qinfo: query info corresponding to the reply. + * @param cinfo: client-specific info to identify the best matching action. + * can be NULL. + * @param rep: original reply info. must not be NULL. + * @param new_repp: can be set to the rewritten reply info (intact on failure). + * @param actinfo: result of response-ip processing + * @param alias_rrset: must not be NULL. + * @param search_only: if true, only check if an action would apply. actionp + * will be set (or intact) accordingly but the modified reply won't be built. + * @param region: allocator to build *new_repp. + * @return 1 on success, 0 on error. + */ +int respip_rewrite_reply(const struct query_info* qinfo, + const struct respip_client_info* cinfo, + const struct reply_info *rep, struct reply_info** new_repp, + struct respip_action_info* actinfo, + struct ub_packed_rrset_key** alias_rrset, + int search_only, struct regional* region); + +/** + * Get the response-ip function block. + * @return: function block with function pointers to response-ip methods. + */ +struct module_func_block* respip_get_funcblock(void); + +/** response-ip init */ +int respip_init(struct module_env* env, int id); + +/** response-ip deinit */ +void respip_deinit(struct module_env* env, int id); + +/** response-ip operate on a query */ +void respip_operate(struct module_qstate* qstate, enum module_ev event, int id, + struct outbound_entry* outbound); + +/** inform response-ip super */ +void respip_inform_super(struct module_qstate* qstate, int id, + struct module_qstate* super); + +/** response-ip cleanup query state */ +void respip_clear(struct module_qstate* qstate, int id); + +/** + * returns address of the IP address tree of the specified respip set; + * returns NULL for NULL input; exists for test purposes only + */ +struct rbtree_type* respip_set_get_tree(struct respip_set* set); + +/** + * returns respip action for the specified node in the respip address + * returns respip_none for NULL input; exists for test purposes only + */ +enum respip_action resp_addr_get_action(const struct resp_addr* addr); + +/** + * returns rrset portion of the specified node in the respip address + * tree; returns NULL for NULL input; exists for test purposes only + */ +struct ub_packed_rrset_key* resp_addr_get_rrset(struct resp_addr* addr); + +/** response-ip alloc size routine */ +size_t respip_get_mem(struct module_env* env, int id); + +/** + * respip set emptiness test + * @param set respip set to test + * @return 0 if the specified set exists (non-NULL) and is non-empty; + * otherwise returns 1 + */ +int respip_set_is_empty(const struct respip_set* set); + +/** + * print log information for a query subject to an inform or inform-deny + * response-ip action. + * @param respip_addr: response-ip information that causes the action + * @param qname: query name in the context, will be ignored if local_alias is + * non-NULL. + * @param qtype: query type, in host byte order. + * @param qclass: query class, in host byte order. + * @param local_alias: set to a local alias if the query matches an alias in + * a local zone. In this case its owner name will be considered the actual + * query name. + * @param repinfo: reply info containing the client's source address and port. + */ +void respip_inform_print(struct respip_addr_info* respip_addr, uint8_t* qname, + uint16_t qtype, uint16_t qclass, struct local_rrset* local_alias, + struct comm_reply* repinfo); + +#endif /* RESPIP_RESPIP_H */ diff --git a/services/cache/dns.c b/services/cache/dns.c index 7beb76164986..a8fde9f2890e 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@ -479,8 +479,7 @@ gen_dns_msg(struct regional* region, struct query_info* q, size_t num) return msg; } -/** generate dns_msg from cached message */ -static struct dns_msg* +struct dns_msg* tomsg(struct module_env* env, struct query_info* q, struct reply_info* r, struct regional* region, time_t now, struct regional* scratch) { @@ -525,8 +524,11 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r, return NULL; } } - rrset_array_unlock_touch(env->rrset_cache, scratch, r->ref, + if(env) + rrset_array_unlock_touch(env->rrset_cache, scratch, r->ref, r->rrset_count); + else + rrset_array_unlock(r->ref, r->rrset_count); return msg; } diff --git a/services/cache/dns.h b/services/cache/dns.h index 15a4a236b028..0dfb68874403 100644 --- a/services/cache/dns.h +++ b/services/cache/dns.h @@ -126,6 +126,20 @@ struct delegpt* dns_cache_find_delegation(struct module_env* env, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, struct regional* region, struct dns_msg** msg, time_t timenow); +/** + * generate dns_msg from cached message + * @param env: module environment with the DNS cache. NULL if the LRU from cache + * does not need to be touched. + * @param q: query info, contains qname that will make up the dns message. + * @param r: reply info that, together with qname, will make up the dns message. + * @param region: where to allocate dns message. + * @param now: the time now, for check if TTL on cache entry is ok. + * @param scratch: where to allocate temporary data. + * */ +struct dns_msg* tomsg(struct module_env* env, struct query_info* q, + struct reply_info* r, struct regional* region, time_t now, + struct regional* scratch); + /** * Find cached message * @param env: module environment with the DNS cache. diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index 0132ce45f781..37ee9a6b9b46 100644 --- a/services/listen_dnsport.c +++ b/services/listen_dnsport.c @@ -1056,15 +1056,25 @@ set_recvpktinfo(int s, int family) * @param tcp_mss: maximum segment size of tcp socket. default if zero. * @param freebind: set IP_FREEBIND socket option. * @param use_systemd: if true, fetch sockets from systemd. + * @param dnscrypt_port: dnscrypt service port number * @return: returns false on error. */ static int ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, struct addrinfo *hints, const char* port, struct listen_port** list, size_t rcv, size_t snd, int ssl_port, int* reuseport, int transparent, - int tcp_mss, int freebind, int use_systemd) + int tcp_mss, int freebind, int use_systemd, int dnscrypt_port) { int s, noip6=0; +#ifdef USE_DNSCRYPT + int is_dnscrypt = ((strchr(ifname, '@') && + atoi(strchr(ifname, '@')+1) == dnscrypt_port) || + (!strchr(ifname, '@') && atoi(port) == dnscrypt_port)); +#else + int is_dnscrypt = 0; + (void)dnscrypt_port; +#endif + if(!do_udp && !do_tcp) return 0; if(do_auto) { @@ -1086,7 +1096,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, #endif return 0; } - if(!port_insert(list, s, listen_type_udpancil)) { + if(!port_insert(list, s, + is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil)) { #ifndef USE_WINSOCK close(s); #else @@ -1105,7 +1116,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, } return 0; } - if(!port_insert(list, s, listen_type_udp)) { + if(!port_insert(list, s, + is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp)) { #ifndef USE_WINSOCK close(s); #else @@ -1130,7 +1142,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if(is_ssl) verbose(VERB_ALGO, "setup TCP for SSL service"); if(!port_insert(list, s, is_ssl?listen_type_ssl: - listen_type_tcp)) { + (is_dnscrypt?listen_type_tcp_dnscrypt:listen_type_tcp))) { #ifndef USE_WINSOCK close(s); #else @@ -1172,6 +1184,9 @@ listen_create(struct comm_base* base, struct listen_port* ports, return NULL; front->cps = NULL; front->udp_buff = sldns_buffer_new(bufsize); +#ifdef USE_DNSCRYPT + front->dnscrypt_udp_buff = NULL; +#endif if(!front->udp_buff) { free(front); return NULL; @@ -1180,17 +1195,20 @@ listen_create(struct comm_base* base, struct listen_port* ports, /* create comm points as needed */ while(ports) { struct comm_point* cp = NULL; - if(ports->ftype == listen_type_udp) + if(ports->ftype == listen_type_udp || + ports->ftype == listen_type_udp_dnscrypt) cp = comm_point_create_udp(base, ports->fd, front->udp_buff, cb, cb_arg); - else if(ports->ftype == listen_type_tcp) + else if(ports->ftype == listen_type_tcp || + ports->ftype == listen_type_tcp_dnscrypt) cp = comm_point_create_tcp(base, ports->fd, tcp_accept_count, bufsize, cb, cb_arg); else if(ports->ftype == listen_type_ssl) { cp = comm_point_create_tcp(base, ports->fd, tcp_accept_count, bufsize, cb, cb_arg); cp->ssl = sslctx; - } else if(ports->ftype == listen_type_udpancil) + } else if(ports->ftype == listen_type_udpancil || + ports->ftype == listen_type_udpancil_dnscrypt) cp = comm_point_create_udp_ancil(base, ports->fd, front->udp_buff, cb, cb_arg); if(!cp) { @@ -1200,6 +1218,21 @@ listen_create(struct comm_base* base, struct listen_port* ports, } cp->dtenv = dtenv; cp->do_not_close = 1; +#ifdef USE_DNSCRYPT + if (ports->ftype == listen_type_udp_dnscrypt || + ports->ftype == listen_type_tcp_dnscrypt || + ports->ftype == listen_type_udpancil_dnscrypt) { + cp->dnscrypt = 1; + cp->dnscrypt_buffer = sldns_buffer_new(bufsize); + if(!cp->dnscrypt_buffer) { + log_err("can't alloc dnscrypt_buffer"); + comm_point_delete(cp); + listen_delete(front); + return NULL; + } + front->dnscrypt_udp_buff = cp->dnscrypt_buffer; + } +#endif if(!listen_cp_insert(cp, front)) { log_err("malloc failed"); comm_point_delete(cp); @@ -1235,6 +1268,12 @@ listen_delete(struct listen_dnsport* front) if(!front) return; listen_list_delete(front->cps); +#ifdef USE_DNSCRYPT + if(front->dnscrypt_udp_buff && + front->udp_buff != front->dnscrypt_udp_buff) { + sldns_buffer_free(front->dnscrypt_udp_buff); + } +#endif sldns_buffer_free(front->udp_buff); free(front); } @@ -1278,7 +1317,8 @@ listening_ports_open(struct config_file* cfg, int* reuseport) cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, reuseport, cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd)) { + cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, + cfg->dnscrypt_port)) { listening_ports_free(list); return NULL; } @@ -1291,7 +1331,8 @@ listening_ports_open(struct config_file* cfg, int* reuseport) cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, reuseport, cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd)) { + cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, + cfg->dnscrypt_port)) { listening_ports_free(list); return NULL; } @@ -1306,7 +1347,8 @@ listening_ports_open(struct config_file* cfg, int* reuseport) cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, reuseport, cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd)) { + cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, + cfg->dnscrypt_port)) { listening_ports_free(list); return NULL; } @@ -1319,7 +1361,8 @@ listening_ports_open(struct config_file* cfg, int* reuseport) cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, reuseport, cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd)) { + cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, + cfg->dnscrypt_port)) { listening_ports_free(list); return NULL; } @@ -1347,10 +1390,16 @@ void listening_ports_free(struct listen_port* list) size_t listen_get_mem(struct listen_dnsport* listen) { + struct listen_list* p; size_t s = sizeof(*listen) + sizeof(*listen->base) + sizeof(*listen->udp_buff) + sldns_buffer_capacity(listen->udp_buff); - struct listen_list* p; +#ifdef USE_DNSCRYPT + s += sizeof(*listen->dnscrypt_udp_buff); + if(listen->udp_buff != listen->dnscrypt_udp_buff){ + s += sldns_buffer_capacity(listen->dnscrypt_udp_buff); + } +#endif for(p = listen->cps; p; p = p->next) { s += sizeof(*p); s += comm_point_get_mem(p->com); diff --git a/services/listen_dnsport.h b/services/listen_dnsport.h index 93d2ef7148e2..fac0f7970924 100644 --- a/services/listen_dnsport.h +++ b/services/listen_dnsport.h @@ -59,7 +59,9 @@ struct listen_dnsport { /** buffer shared by UDP connections, since there is only one datagram at any time. */ struct sldns_buffer* udp_buff; - +#ifdef USE_DNSCRYPT + struct sldns_buffer* dnscrypt_udp_buff; +#endif /** list of comm points used to get incoming events */ struct listen_list* cps; }; @@ -85,7 +87,14 @@ enum listen_type { /** udp ipv6 (v4mapped) for use with ancillary data */ listen_type_udpancil, /** ssl over tcp type */ - listen_type_ssl + listen_type_ssl, + /** udp type + dnscrypt*/ + listen_type_udp_dnscrypt, + /** tcp type + dnscrypt */ + listen_type_tcp_dnscrypt, + /** udp ipv6 (v4mapped) for use with ancillary data + dnscrypt*/ + listen_type_udpancil_dnscrypt + }; /** diff --git a/services/localzone.c b/services/localzone.c index d813ab586172..dcce46e863e4 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -229,9 +229,8 @@ lz_enter_zone(struct local_zones* zones, const char* name, const char* type, return z; } -/** return name and class and rdata of rr; parses string */ -static int -get_rr_content(const char* str, uint8_t** nm, uint16_t* type, +int +rrstr_get_rr_content(const char* str, uint8_t** nm, uint16_t* type, uint16_t* dclass, time_t* ttl, uint8_t* rr, size_t len, uint8_t** rdata, size_t* rdata_len) { @@ -353,8 +352,8 @@ new_local_rrset(struct regional* region, struct local_data* node, } /** insert RR into RRset data structure; Wastes a couple of bytes */ -static int -insert_rr(struct regional* region, struct packed_rrset_data* pd, +int +rrset_insert_rr(struct regional* region, struct packed_rrset_data* pd, uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr) { size_t* oldlen = pd->rr_len; @@ -456,8 +455,8 @@ lz_enter_rr_into_zone(struct local_zone* z, const char* rrstr) uint8_t rr[LDNS_RR_BUF_SIZE]; uint8_t* rdata; size_t rdata_len; - if(!get_rr_content(rrstr, &nm, &rrtype, &rrclass, &ttl, rr, sizeof(rr), - &rdata, &rdata_len)) { + if(!rrstr_get_rr_content(rrstr, &nm, &rrtype, &rrclass, &ttl, rr, + sizeof(rr), &rdata, &rdata_len)) { log_err("bad local-data: %s", rrstr); return 0; } @@ -513,7 +512,7 @@ lz_enter_rr_into_zone(struct local_zone* z, const char* rrstr) verbose(VERB_ALGO, "ignoring duplicate RR: %s", rrstr); return 1; } - return insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr); + return rrset_insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr); } /** enter a data RR into auth data; a zone for it must exist */ @@ -1233,9 +1232,10 @@ local_error_encode(struct query_info* qinfo, struct module_env* env, } /** find local data tag string match for the given type in the list */ -static int -find_tag_datas(struct query_info* qinfo, struct config_strlist* list, - struct ub_packed_rrset_key* r, struct regional* temp) +int +local_data_find_tag_datas(const struct query_info* qinfo, + struct config_strlist* list, struct ub_packed_rrset_key* r, + struct regional* temp) { struct config_strlist* p; char buf[65536]; @@ -1312,13 +1312,24 @@ find_tag_datas(struct query_info* qinfo, struct config_strlist* list, sldns_wirerr_get_rdatawl(rr, len, 1), d->rr_len[d->count]); if(!d->rr_data[d->count]) - if(!d) return 0; /* out of memory */ + return 0; /* out of memory */ d->count++; } + if(r->rk.dname) + return 1; + return 0; +} + +static int +find_tag_datas(struct query_info* qinfo, struct config_strlist* list, + struct ub_packed_rrset_key* r, struct regional* temp) +{ + int result = local_data_find_tag_datas(qinfo, list, r, temp); + /* If we've found a non-exact alias type of local data, make a shallow * copy of the RRset and remember it in qinfo to complete the alias * chain later. */ - if(r->rk.dname && qinfo->qtype != LDNS_RR_TYPE_CNAME && + if(result && qinfo->qtype != LDNS_RR_TYPE_CNAME && r->rk.type == htons(LDNS_RR_TYPE_CNAME)) { qinfo->local_alias = regional_alloc_zero(temp, sizeof(struct local_rrset)); @@ -1329,9 +1340,7 @@ find_tag_datas(struct query_info* qinfo, struct config_strlist* list, if(!qinfo->local_alias->rrset) return 0; /* out of memory */ } - if(r->rk.dname) - return 1; - return 0; + return result; } /** answer local data match */ @@ -1497,8 +1506,6 @@ lz_type(uint8_t *taglist, size_t taglen, uint8_t *taglist2, size_t taglen2, struct comm_reply* repinfo, struct rbtree_type* override_tree, int* tag, char** tagname, int num_tags) { - size_t i, j; - uint8_t tagmatch; struct local_zone_override* lzo; if(repinfo && override_tree) { lzo = (struct local_zone_override*)addr_tree_lookup( @@ -1511,6 +1518,19 @@ lz_type(uint8_t *taglist, size_t taglen, uint8_t *taglist2, size_t taglen2, } if(!taglist || !taglist2) return lzt; + return local_data_find_tag_action(taglist, taglen, taglist2, taglen2, + tagactions, tagactionssize, lzt, tag, tagname, num_tags); +} + +enum localzone_type +local_data_find_tag_action(const uint8_t* taglist, size_t taglen, + const uint8_t* taglist2, size_t taglen2, const uint8_t* tagactions, + size_t tagactionssize, enum localzone_type lzt, int* tag, + char* const* tagname, int num_tags) +{ + size_t i, j; + uint8_t tagmatch; + for(i=0; i<taglen && i<taglen2; i++) { tagmatch = (taglist[i] & taglist2[i]); for(j=0; j<8 && tagmatch>0; j++) { diff --git a/services/localzone.h b/services/localzone.h index bf9c9bf489cb..658f28024ef4 100644 --- a/services/localzone.h +++ b/services/localzone.h @@ -46,6 +46,7 @@ #include "util/storage/dnstree.h" #include "util/module.h" #include "services/view.h" +struct packed_rrset_data; struct ub_packed_rrset_key; struct regional; struct config_file; @@ -389,4 +390,111 @@ void local_zones_del_data(struct local_zones* zones, */ int parse_dname(const char* str, uint8_t** res, size_t* len, int* labs); +/** + * Find local data tag string match for the given type (in qinfo) in the list. + * If found, 'r' will be filled with corresponding rrset information. + * @param qinfo: contains name, type, and class for the data + * @param list: stores local tag data to be searched + * @param r: rrset key to be filled for matched data + * @param temp: region to allocate rrset in 'r' + * @return 1 if a match is found and rrset is built; otherwise 0 including + * errors. + */ +int local_data_find_tag_datas(const struct query_info* qinfo, + struct config_strlist* list, struct ub_packed_rrset_key* r, + struct regional* temp); + +/** + * See if two sets of tag lists (in the form of bitmap) have the same tag that + * has an action. If so, '*tag' will be set to the found tag index, and the + * corresponding action will be returned in the form of local zone type. + * Otherwise the passed type (lzt) will be returned as the default action. + * Pointers except tagactions must not be NULL. + * @param taglist: 1st list of tags + * @param taglen: size of taglist in bytes + * @param taglist2: 2nd list of tags + * @param taglen2: size of taglist2 in bytes + * @param tagactions: local data actions for tags. May be NULL. + * @param tagactionssize: length of the tagactions. + * @param lzt: default action (local zone type) if no tag action is found. + * @param tag: see above. + * @param tagname: array of tag name strings (for debug output). + * @param num_tags: number of items in tagname array. + * @return found tag action or the default action. + */ +enum localzone_type local_data_find_tag_action(const uint8_t* taglist, + size_t taglen, const uint8_t* taglist2, size_t taglen2, + const uint8_t* tagactions, size_t tagactionssize, + enum localzone_type lzt, int* tag, char* const* tagname, int num_tags); + +/** + * Parses resource record string into wire format, also returning its field values. + * @param str: input resource record + * @param nm: domain name field + * @param type: record type field + * @param dclass: record class field + * @param ttl: ttl field + * @param rr: buffer for the parsed rr in wire format + * @param len: buffer length + * @param rdata: rdata field + * @param rdata_len: rdata field length + * @return 1 on success; 0 otherwise. + */ +int rrstr_get_rr_content(const char* str, uint8_t** nm, uint16_t* type, + uint16_t* dclass, time_t* ttl, uint8_t* rr, size_t len, + uint8_t** rdata, size_t* rdata_len); + +/** + * Insert specified rdata into the specified resource record. + * @param region: allocator + * @param pd: data portion of the destination resource record + * @param rdata: source rdata + * @param rdata_len: source rdata length + * @param ttl: time to live + * @param rrstr: resource record in text form (for logging) + * @return 1 on success; 0 otherwise. + */ +int rrset_insert_rr(struct regional* region, struct packed_rrset_data* pd, + uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr); + +/** + * Valid response ip actions for the IP-response-driven-action feature; + * defined here instead of in the respip module to enable sharing of enum + * values with the localzone_type enum. + * Note that these values except 'none' are the same as localzone types of + * the 'same semantics'. It's intentional as we use these values via + * access-control-tags, which can be shared for both response ip actions and + * local zones. + */ +enum respip_action { + /** no respip action */ + respip_none = local_zone_unset, + /** don't answer */ + respip_deny = local_zone_deny, + /** redirect as per provided data */ + respip_redirect = local_zone_redirect, + /** log query source and answer query */ + respip_inform = local_zone_inform, + /** log query source and don't answer query */ + respip_inform_deny = local_zone_inform_deny, + /** resolve normally, even when there is response-ip data */ + respip_always_transparent = local_zone_always_transparent, + /** answer with 'refused' response */ + respip_always_refuse = local_zone_always_refuse, + /** answer with 'no such domain' response */ + respip_always_nxdomain = local_zone_always_nxdomain, + + /* The rest of the values are only possible as + * access-control-tag-action */ + + /** serves response data (if any), else, drops queries. */ + respip_refuse = local_zone_refuse, + /** serves response data, else, nodata answer. */ + respip_static = local_zone_static, + /** gives response data (if any), else nodata answer. */ + respip_transparent = local_zone_transparent, + /** gives response data (if any), else nodata answer. */ + respip_typetransparent = local_zone_typetransparent, +}; + #endif /* SERVICES_LOCALZONE_H */ diff --git a/services/mesh.c b/services/mesh.c index f5a193ac2d48..0cb134ade85f 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -59,6 +59,7 @@ #include "sldns/wire2str.h" #include "services/localzone.h" #include "util/data/dname.h" +#include "respip/respip.h" /** subtract timers and the values do not overflow or become negative */ static void @@ -124,11 +125,64 @@ timeval_smaller(const struct timeval* x, const struct timeval* y) #endif } +/* + * Compare two response-ip client info entries for the purpose of mesh state + * compare. It returns 0 if ci_a and ci_b are considered equal; otherwise + * 1 or -1 (they mean 'ci_a is larger/smaller than ci_b', respectively, but + * in practice it should be only used to mean they are different). + * We cannot share the mesh state for two queries if different response-ip + * actions can apply in the end, even if those queries are otherwise identical. + * For this purpose we compare tag lists and tag action lists; they should be + * identical to share the same state. + * For tag data, we don't look into the data content, as it can be + * expensive; unless tag data are not defined for both or they point to the + * exact same data in memory (i.e., they come from the same ACL entry), we + * consider these data different. + * Likewise, if the client info is associated with views, we don't look into + * the views. They are considered different unless they are exactly the same + * even if the views only differ in the names. + */ +static int +client_info_compare(const struct respip_client_info* ci_a, + const struct respip_client_info* ci_b) +{ + int cmp; + + if(!ci_a && !ci_b) + return 0; + if(ci_a && !ci_b) + return -1; + if(!ci_a && ci_b) + return 1; + if(ci_a->taglen != ci_b->taglen) + return (ci_a->taglen < ci_b->taglen) ? -1 : 1; + cmp = memcmp(ci_a->taglist, ci_b->taglist, ci_a->taglen); + if(cmp != 0) + return cmp; + if(ci_a->tag_actions_size != ci_b->tag_actions_size) + return (ci_a->tag_actions_size < ci_b->tag_actions_size) ? + -1 : 1; + cmp = memcmp(ci_a->tag_actions, ci_b->tag_actions, + ci_a->tag_actions_size); + if(cmp != 0) + return cmp; + if(ci_a->tag_datas != ci_b->tag_datas) + return ci_a->tag_datas < ci_b->tag_datas ? -1 : 1; + if(ci_a->view != ci_b->view) + return ci_a->view < ci_b->view ? -1 : 1; + /* For the unbound daemon these should be non-NULL and identical, + * but we check that just in case. */ + if(ci_a->respip_set != ci_b->respip_set) + return ci_a->respip_set < ci_b->respip_set ? -1 : 1; + return 0; +} + int mesh_state_compare(const void* ap, const void* bp) { struct mesh_state* a = (struct mesh_state*)ap; struct mesh_state* b = (struct mesh_state*)bp; + int cmp; if(a->unique < b->unique) return -1; @@ -155,7 +209,10 @@ mesh_state_compare(const void* ap, const void* bp) if(!(a->s.query_flags&BIT_CD) && (b->s.query_flags&BIT_CD)) return 1; - return query_info_compare(&a->s.qinfo, &b->s.qinfo); + cmp = query_info_compare(&a->s.qinfo, &b->s.qinfo); + if(cmp != 0) + return cmp; + return client_info_compare(a->s.client_info, b->s.client_info); } int @@ -287,16 +344,16 @@ int mesh_make_new_space(struct mesh_area* mesh, sldns_buffer* qbuf) } void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, - uint16_t qflags, struct edns_data* edns, struct comm_reply* rep, - uint16_t qid) + struct respip_client_info* cinfo, uint16_t qflags, + struct edns_data* edns, struct comm_reply* rep, uint16_t qid) { struct mesh_state* s = NULL; - int unique = edns_unique_mesh_state(edns->opt_list, mesh->env); + int unique = unique_mesh_state(edns->opt_list, mesh->env); int was_detached = 0; int was_noreply = 0; int added = 0; if(!unique) - s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_area_find(mesh, cinfo, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); /* does this create a new reply state? */ if(!s || s->list_select == mesh_no_list) { if(!mesh_make_new_space(mesh, rep->c->buffer)) { @@ -323,7 +380,8 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, #ifdef UNBOUND_DEBUG struct rbnode_type* n; #endif - s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_state_create(mesh->env, qinfo, cinfo, + qflags&(BIT_RD|BIT_CD), 0, 0); if(!s) { log_err("mesh_state_create: out of memory; SERVFAIL"); if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL, @@ -412,12 +470,13 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, uint16_t qid, mesh_cb_func_type cb, void* cb_arg) { struct mesh_state* s = NULL; - int unique = edns_unique_mesh_state(edns->opt_list, mesh->env); + int unique = unique_mesh_state(edns->opt_list, mesh->env); int was_detached = 0; int was_noreply = 0; int added = 0; if(!unique) - s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_area_find(mesh, NULL, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + /* there are no limits on the number of callbacks */ /* see if it already exists, if not, create one */ @@ -425,7 +484,8 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, #ifdef UNBOUND_DEBUG struct rbnode_type* n; #endif - s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_state_create(mesh->env, qinfo, NULL, + qflags&(BIT_RD|BIT_CD), 0, 0); if(!s) { return 0; } @@ -476,8 +536,8 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, uint16_t qflags, time_t leeway) { - struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), - 0, 0); + struct mesh_state* s = mesh_area_find(mesh, NULL, qinfo, + qflags&(BIT_RD|BIT_CD), 0, 0); #ifdef UNBOUND_DEBUG struct rbnode_type* n; #endif @@ -497,7 +557,8 @@ void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, return; } - s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0); + s = mesh_state_create(mesh->env, qinfo, NULL, + qflags&(BIT_RD|BIT_CD), 0, 0); if(!s) { log_err("prefetch mesh_state_create: out of memory"); return; @@ -546,7 +607,8 @@ void mesh_report_reply(struct mesh_area* mesh, struct outbound_entry* e, struct mesh_state* mesh_state_create(struct module_env* env, struct query_info* qinfo, - uint16_t qflags, int prime, int valrec) + struct respip_client_info* cinfo, uint16_t qflags, int prime, + int valrec) { struct regional* region = alloc_reg_obtain(env->alloc); struct mesh_state* mstate; @@ -582,6 +644,14 @@ mesh_state_create(struct module_env* env, struct query_info* qinfo, alloc_reg_release(env->alloc, region); return NULL; } + if(cinfo) { + mstate->s.client_info = regional_alloc_init(region, cinfo, + sizeof(*cinfo)); + if(!mstate->s.client_info) { + alloc_reg_release(env->alloc, region); + return NULL; + } + } /* remove all weird bits from qflags */ mstate->s.query_flags = (qflags & (BIT_RD|BIT_CD)); mstate->s.is_priming = prime; @@ -756,7 +826,8 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo, { /* find it, if not, create it */ struct mesh_area* mesh = qstate->env->mesh; - struct mesh_state* sub = mesh_area_find(mesh, qinfo, qflags, prime, valrec); + struct mesh_state* sub = mesh_area_find(mesh, NULL, qinfo, qflags, + prime, valrec); int was_detached; if(mesh_detect_cycle_found(qstate, sub)) { verbose(VERB_ALGO, "attach failed, cycle detected"); @@ -767,7 +838,8 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo, struct rbnode_type* n; #endif /* create a new one */ - sub = mesh_state_create(qstate->env, qinfo, qflags, prime, valrec); + sub = mesh_state_create(qstate->env, qinfo, NULL, qflags, prime, + valrec); if(!sub) { log_err("mesh_attach_sub: out of memory"); return 0; @@ -1035,8 +1107,25 @@ void mesh_query_done(struct mesh_state* mstate) struct reply_info* rep = (mstate->s.return_msg? mstate->s.return_msg->rep:NULL); for(r = mstate->reply_list; r; r = r->next) { - mesh_send_reply(mstate, mstate->s.return_rcode, rep, r, prev); - prev = r; + /* if a response-ip address block has been stored the + * information should be logged for each client. */ + if(mstate->s.respip_action_info && + mstate->s.respip_action_info->addrinfo) { + respip_inform_print(mstate->s.respip_action_info->addrinfo, + r->qname, mstate->s.qinfo.qtype, + mstate->s.qinfo.qclass, r->local_alias, + &r->query_reply); + } + + /* if this query is determined to be dropped during the + * mesh processing, this is the point to take that action. */ + if(mstate->s.is_drop) + comm_point_drop_reply(&r->query_reply); + else { + mesh_send_reply(mstate, mstate->s.return_rcode, rep, + r, prev); + prev = r; + } } mstate->replies_sent = 1; for(c = mstate->cb_list; c; c = c->next) { @@ -1060,7 +1149,8 @@ void mesh_walk_supers(struct mesh_area* mesh, struct mesh_state* mstate) } struct mesh_state* mesh_area_find(struct mesh_area* mesh, - struct query_info* qinfo, uint16_t qflags, int prime, int valrec) + struct respip_client_info* cinfo, struct query_info* qinfo, + uint16_t qflags, int prime, int valrec) { struct mesh_state key; struct mesh_state* result; @@ -1074,6 +1164,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, * aggregate the state. Thus unique is set to NULL. (default when we * desire aggregation).*/ key.unique = NULL; + key.s.client_info = cinfo; result = (struct mesh_state*)rbtree_search(&mesh->all, &key); return result; @@ -1224,11 +1315,16 @@ mesh_continue(struct mesh_area* mesh, struct mesh_state* mstate, return mesh_continue(mesh, mstate, module_error, ev); } if(s == module_restart_next) { - fptr_ok(fptr_whitelist_mod_clear( - mesh->mods.mod[mstate->s.curmod]->clear)); - (*mesh->mods.mod[mstate->s.curmod]->clear) - (&mstate->s, mstate->s.curmod); - mstate->s.minfo[mstate->s.curmod] = NULL; + int curmod = mstate->s.curmod; + for(; mstate->s.curmod < mesh->mods.num; + mstate->s.curmod++) { + fptr_ok(fptr_whitelist_mod_clear( + mesh->mods.mod[mstate->s.curmod]->clear)); + (*mesh->mods.mod[mstate->s.curmod]->clear) + (&mstate->s, mstate->s.curmod); + mstate->s.minfo[mstate->s.curmod] = NULL; + } + mstate->s.curmod = curmod; } *ev = module_event_pass; return 1; @@ -1378,7 +1474,7 @@ mesh_detect_cycle(struct module_qstate* qstate, struct query_info* qinfo, struct mesh_area* mesh = qstate->env->mesh; struct mesh_state* dep_m = NULL; if(!mesh_state_is_unique(qstate->mesh_info)) - dep_m = mesh_area_find(mesh, qinfo, flags, prime, valrec); + dep_m = mesh_area_find(mesh, NULL, qinfo, flags, prime, valrec); return mesh_detect_cycle_found(qstate, dep_m); } diff --git a/services/mesh.h b/services/mesh.h index 435f89c689d5..1c77945320e3 100644 --- a/services/mesh.h +++ b/services/mesh.h @@ -59,6 +59,7 @@ struct query_info; struct reply_info; struct outbound_entry; struct timehist; +struct respip_client_info; /** * Maximum number of mesh state activations. Any more is likely an @@ -274,14 +275,18 @@ void mesh_delete(struct mesh_area* mesh); * * @param mesh: the mesh. * @param qinfo: query from client. + * @param cinfo: additional information associated with the query client. + * 'cinfo' itself is ephemeral but data pointed to by its members + * can be assumed to be valid and unchanged until the query processing is + * completed. * @param qflags: flags from client query. * @param edns: edns data from client query. * @param rep: where to reply to. * @param qid: query id to reply with. */ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, - uint16_t qflags, struct edns_data* edns, struct comm_reply* rep, - uint16_t qid); + struct respip_client_info* cinfo, uint16_t qflags, + struct edns_data* edns, struct comm_reply* rep, uint16_t qid); /** * New query with callback. Create new query state if needed, and @@ -409,14 +414,16 @@ void mesh_state_delete(struct module_qstate* qstate); * Does not put the mesh state into rbtrees and so on. * @param env: module environment to set. * @param qinfo: query info that the mesh is for. + * @param cinfo: control info for the query client (can be NULL). * @param qflags: flags for query (RD / CD flag). * @param prime: if true, it is a priming query, set is_priming on mesh state. * @param valrec: if true, it is a validation recursion query, and sets * is_valrec on the mesh state. * @return: new mesh state or NULL on allocation error. */ -struct mesh_state* mesh_state_create(struct module_env* env, - struct query_info* qinfo, uint16_t qflags, int prime, int valrec); +struct mesh_state* mesh_state_create(struct module_env* env, + struct query_info* qinfo, struct respip_client_info* cinfo, + uint16_t qflags, int prime, int valrec); /** * Check if the mesh state is unique. @@ -451,14 +458,17 @@ void mesh_delete_all(struct mesh_area* mesh); * Find a mesh state in the mesh area. Pass relevant flags. * * @param mesh: the mesh area to look in. + * @param cinfo: if non-NULL client specific info that may affect IP-based + * actions that apply to the query result. * @param qinfo: what query * @param qflags: if RD / CD bit is set or not. * @param prime: if it is a priming query. * @param valrec: if it is a validation-recursion query. * @return: mesh state or NULL if not found. */ -struct mesh_state* mesh_area_find(struct mesh_area* mesh, - struct query_info* qinfo, uint16_t qflags, int prime, int valrec); +struct mesh_state* mesh_area_find(struct mesh_area* mesh, + struct respip_client_info* cinfo, struct query_info* qinfo, + uint16_t qflags, int prime, int valrec); /** * Setup attachment super/sub relation between super and sub mesh state. diff --git a/services/modstack.c b/services/modstack.c index 70e066670d5d..9bebd3a5634c 100644 --- a/services/modstack.c +++ b/services/modstack.c @@ -46,6 +46,7 @@ #include "dns64/dns64.h" #include "iterator/iterator.h" #include "validator/validator.h" +#include "respip/respip.h" #ifdef WITH_PYTHONMODULE #include "pythonmod/pythonmod.h" @@ -53,6 +54,9 @@ #ifdef USE_CACHEDB #include "cachedb/cachedb.h" #endif +#ifdef CLIENT_SUBNET +#include "edns-subnet/subnetmod.h" +#endif /** count number of modules (words) in the string */ static int @@ -127,6 +131,10 @@ module_list_avail(void) #ifdef USE_CACHEDB "cachedb", #endif +#ifdef CLIENT_SUBNET + "subnetcache", +#endif + "respip", "validator", "iterator", NULL}; @@ -148,6 +156,10 @@ module_funcs_avail(void) #ifdef USE_CACHEDB &cachedb_get_funcblock, #endif +#ifdef CLIENT_SUBNET + &subnetmod_get_funcblock, +#endif + &respip_get_funcblock, &val_get_funcblock, &iter_get_funcblock, NULL}; @@ -216,7 +228,7 @@ int modstack_find(struct module_stack* stack, const char* name) { int i; - for(i=0; i<stack->num; i++) { + for(i=0; i<stack->num; i++) { if(strcmp(stack->mod[i]->name, name) == 0) return i; } diff --git a/services/view.c b/services/view.c index c9dfc3c87383..33f4f4986ba7 100644 --- a/services/view.c +++ b/services/view.c @@ -66,6 +66,10 @@ views_create(void) return v; } +/** This prototype is defined in in respip.h, but we want to avoid + * unnecessary dependencies */ +void respip_set_delete(struct respip_set *set); + void view_delete(struct view* v) { @@ -73,6 +77,7 @@ view_delete(struct view* v) return; lock_rw_destroy(&v->lock); local_zones_delete(v->local_zones); + respip_set_delete(v->respip_set); free(v->name); free(v); } diff --git a/services/view.h b/services/view.h index ce4b69d6c510..e0b346419e9b 100644 --- a/services/view.h +++ b/services/view.h @@ -47,6 +47,7 @@ struct regional; struct config_file; struct config_view; +struct respip_set; /** @@ -71,6 +72,8 @@ struct view { char* name; /** view specific local authority zones */ struct local_zones* local_zones; + /** response-ip configuration data for this view */ + struct respip_set* respip_set; /** Fallback to global local_zones when there is no match in the view * specific tree. 1 for yes, 0 for no */ int isfirst; diff --git a/sldns/rrdef.h b/sldns/rrdef.h index 00c01e63a403..af7bca1d2558 100644 --- a/sldns/rrdef.h +++ b/sldns/rrdef.h @@ -372,6 +372,8 @@ enum sldns_enum_algorithm LDNS_ECC_GOST = 12, /* RFC 5933 */ LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */ LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */ + LDNS_ED25519 = 15, /* RFC 8080 */ + LDNS_ED448 = 16, /* RFC 8080 */ LDNS_INDIRECT = 252, LDNS_PRIVATEDNS = 253, LDNS_PRIVATEOID = 254 @@ -420,7 +422,8 @@ enum sldns_enum_edns_option LDNS_EDNS_DAU = 5, /* RFC6975 */ LDNS_EDNS_DHU = 6, /* RFC6975 */ LDNS_EDNS_N3U = 7, /* RFC6975 */ - LDNS_EDNS_CLIENT_SUBNET = 8, /* draft-vandergaast-edns-client-subnet */ + LDNS_EDNS_CLIENT_SUBNET = 8, /* RFC7871 */ + LDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/ LDNS_EDNS_PADDING = 12 /* RFC7830 */ }; typedef enum sldns_enum_edns_option sldns_edns_option; diff --git a/sldns/sbuffer.c b/sldns/sbuffer.c index a7fe53aa0278..a04b9b655633 100644 --- a/sldns/sbuffer.c +++ b/sldns/sbuffer.c @@ -33,6 +33,7 @@ sldns_buffer_new(size_t capacity) buffer->_position = 0; buffer->_limit = buffer->_capacity = capacity; buffer->_fixed = 0; + buffer->_vfixed = 0; buffer->_status_err = 0; sldns_buffer_invariant(buffer); @@ -48,6 +49,7 @@ sldns_buffer_new_frm_data(sldns_buffer *buffer, void *data, size_t size) buffer->_position = 0; buffer->_limit = buffer->_capacity = size; buffer->_fixed = 0; + buffer->_vfixed = 0; buffer->_data = malloc(size); if(!buffer->_data) { buffer->_status_err = 1; @@ -66,6 +68,17 @@ sldns_buffer_init_frm_data(sldns_buffer *buffer, void *data, size_t size) buffer->_data = data; buffer->_capacity = buffer->_limit = size; buffer->_fixed = 1; + buffer->_vfixed = 0; +} + +void +sldns_buffer_init_vfixed_frm_data(sldns_buffer *buffer, void *data, size_t size) +{ + memset(buffer, 0, sizeof(*buffer)); + buffer->_data = data; + buffer->_capacity = buffer->_limit = size; + buffer->_fixed = 1; + buffer->_vfixed = 1; } int @@ -74,7 +87,7 @@ sldns_buffer_set_capacity(sldns_buffer *buffer, size_t capacity) void *data; sldns_buffer_invariant(buffer); - assert(buffer->_position <= capacity); + assert(buffer->_position <= capacity && !buffer->_fixed); data = (uint8_t *) realloc(buffer->_data, capacity); if (!data) { @@ -126,7 +139,7 @@ sldns_buffer_printf(sldns_buffer *buffer, const char *format, ...) if (written == -1) { buffer->_status_err = 1; return -1; - } else if ((size_t) written >= remaining) { + } else if (!buffer->_vfixed && (size_t) written >= remaining) { if (!sldns_buffer_reserve(buffer, (size_t) written + 1)) { buffer->_status_err = 1; return -1; diff --git a/sldns/sbuffer.h b/sldns/sbuffer.h index 3ce874fc7f76..d1aadf8a198c 100644 --- a/sldns/sbuffer.h +++ b/sldns/sbuffer.h @@ -87,6 +87,19 @@ sldns_write_uint32(void *dst, uint32_t data) } +INLINE void +sldns_write_uint48(void *dst, uint64_t data) +{ + uint8_t *p = (uint8_t *) dst; + p[0] = (uint8_t) ((data >> 40) & 0xff); + p[1] = (uint8_t) ((data >> 32) & 0xff); + p[2] = (uint8_t) ((data >> 24) & 0xff); + p[3] = (uint8_t) ((data >> 16) & 0xff); + p[4] = (uint8_t) ((data >> 8) & 0xff); + p[5] = (uint8_t) (data & 0xff); +} + + /** * \file sbuffer.h * @@ -117,6 +130,17 @@ struct sldns_buffer /** If the buffer is fixed it cannot be resized */ unsigned _fixed : 1; + /** If the buffer is vfixed, no more than capacity bytes willl be + * written to _data, however the _position counter will be updated + * with the amount that would have been written in consecutive + * writes. This allows for a modus operandi in which a sequence is + * written on a fixed capacity buffer (perhaps with _data on stack). + * When everything could be written, then the _data is immediately + * usable, if not, then a buffer could be allocated sized precisely + * to fit the data for a second attempt. + */ + unsigned _vfixed : 1; + /** The current state of the buffer. If writing to the buffer fails * for any reason, this value is changed. This way, you can perform * multiple writes in sequence and check for success afterwards. */ @@ -134,9 +158,9 @@ INLINE void sldns_buffer_invariant(sldns_buffer *buffer) { assert(buffer != NULL); - assert(buffer->_position <= buffer->_limit); + assert(buffer->_position <= buffer->_limit || buffer->_vfixed); assert(buffer->_limit <= buffer->_capacity); - assert(buffer->_data != NULL); + assert(buffer->_data != NULL || (buffer->_vfixed && buffer->_capacity == 0)); } #endif @@ -169,6 +193,19 @@ void sldns_buffer_new_frm_data(sldns_buffer *buffer, void *data, size_t size); void sldns_buffer_init_frm_data(sldns_buffer *buffer, void *data, size_t size); /** + * Setup a buffer with the data pointed to. No data copied, no memory allocs. + * The buffer is "virtually" fixed. Writes beyond size (the capacity) will + * only update position, but no data will be written beyond capacity. This + * allows to determine how big the buffer should have been to contain all the + * written data, by looking at the position with sldns_buffer_position(), + * similarly to the return value of POSIX's snprintf. + * \param[in] buffer pointer to the buffer to put the data in + * \param[in] data the data to encapsulate in the buffer + * \param[in] size the size of the data + */ +void sldns_buffer_init_vfixed_frm_data(sldns_buffer *buffer, void *data, size_t size); + +/** * clears the buffer and make it ready for writing. The buffer's limit * is set to the capacity and the position is set to 0. * \param[in] buffer the buffer to clear @@ -231,7 +268,7 @@ sldns_buffer_position(sldns_buffer *buffer) INLINE void sldns_buffer_set_position(sldns_buffer *buffer, size_t mark) { - assert(mark <= buffer->_limit); + assert(mark <= buffer->_limit || buffer->_vfixed); buffer->_position = mark; } @@ -245,7 +282,7 @@ sldns_buffer_set_position(sldns_buffer *buffer, size_t mark) INLINE void sldns_buffer_skip(sldns_buffer *buffer, ssize_t count) { - assert(buffer->_position + count <= buffer->_limit); + assert(buffer->_position + count <= buffer->_limit || buffer->_vfixed); buffer->_position += count; } @@ -317,7 +354,7 @@ int sldns_buffer_reserve(sldns_buffer *buffer, size_t amount); INLINE uint8_t * sldns_buffer_at(const sldns_buffer *buffer, size_t at) { - assert(at <= buffer->_limit); + assert(at <= buffer->_limit || buffer->_vfixed); return buffer->_data + at; } @@ -367,8 +404,8 @@ INLINE size_t sldns_buffer_remaining_at(sldns_buffer *buffer, size_t at) { sldns_buffer_invariant(buffer); - assert(at <= buffer->_limit); - return buffer->_limit - at; + assert(at <= buffer->_limit || buffer->_vfixed); + return at < buffer->_limit ? buffer->_limit - at : 0; } /** @@ -420,11 +457,43 @@ sldns_buffer_available(sldns_buffer *buffer, size_t count) INLINE void sldns_buffer_write_at(sldns_buffer *buffer, size_t at, const void *data, size_t count) { - assert(sldns_buffer_available_at(buffer, at, count)); + if (!buffer->_vfixed) + assert(sldns_buffer_available_at(buffer, at, count)); + else if (sldns_buffer_remaining_at(buffer, at) == 0) + return; + else if (count > sldns_buffer_remaining_at(buffer, at)) { + memcpy(buffer->_data + at, data, + sldns_buffer_remaining_at(buffer, at)); + return; + } memcpy(buffer->_data + at, data, count); } /** + * set the given byte to the buffer at the specified position + * \param[in] buffer the buffer + * \param[in] at the position (in number of bytes) to write the data at + * \param[in] c the byte to set to the buffer + * \param[in] count the number of bytes of bytes to write + */ + +INLINE void +sldns_buffer_set_at(sldns_buffer *buffer, size_t at, int c, size_t count) +{ + if (!buffer->_vfixed) + assert(sldns_buffer_available_at(buffer, at, count)); + else if (sldns_buffer_remaining_at(buffer, at) == 0) + return; + else if (count > sldns_buffer_remaining_at(buffer, at)) { + memset(buffer->_data + at, c, + sldns_buffer_remaining_at(buffer, at)); + return; + } + memset(buffer->_data + at, c, count); +} + + +/** * writes count bytes of data to the current position of the buffer * \param[in] buffer the buffer * \param[in] data the data to write @@ -469,6 +538,7 @@ sldns_buffer_write_string(sldns_buffer *buffer, const char *str) INLINE void sldns_buffer_write_u8_at(sldns_buffer *buffer, size_t at, uint8_t data) { + if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; assert(sldns_buffer_available_at(buffer, at, sizeof(data))); buffer->_data[at] = data; } @@ -494,6 +564,7 @@ sldns_buffer_write_u8(sldns_buffer *buffer, uint8_t data) INLINE void sldns_buffer_write_u16_at(sldns_buffer *buffer, size_t at, uint16_t data) { + if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; assert(sldns_buffer_available_at(buffer, at, sizeof(data))); sldns_write_uint16(buffer->_data + at, data); } @@ -519,11 +590,26 @@ sldns_buffer_write_u16(sldns_buffer *buffer, uint16_t data) INLINE void sldns_buffer_write_u32_at(sldns_buffer *buffer, size_t at, uint32_t data) { + if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; assert(sldns_buffer_available_at(buffer, at, sizeof(data))); sldns_write_uint32(buffer->_data + at, data); } /** + * writes the given 6 byte integer at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at the position in the buffer + * \param[in] data the (lower) 48 bits to write + */ +INLINE void +sldns_buffer_write_u48_at(sldns_buffer *buffer, size_t at, uint64_t data) +{ + if (buffer->_vfixed && at + 6 > buffer->_limit) return; + assert(sldns_buffer_available_at(buffer, at, 6)); + sldns_write_uint48(buffer->_data + at, data); +} + +/** * writes the given 4 byte integer at the current position in the buffer * \param[in] buffer the buffer * \param[in] data the 32 bits to write @@ -536,6 +622,18 @@ sldns_buffer_write_u32(sldns_buffer *buffer, uint32_t data) } /** + * writes the given 6 byte integer at the current position in the buffer + * \param[in] buffer the buffer + * \param[in] data the 48 bits to write + */ +INLINE void +sldns_buffer_write_u48(sldns_buffer *buffer, uint64_t data) +{ + sldns_buffer_write_u48_at(buffer, buffer->_position, data); + buffer->_position += 6; +} + +/** * copies count bytes of data at the given position to the given data-array * \param[in] buffer the buffer * \param[in] at the position in the buffer to start diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 0efa65f75664..b2ca6192c649 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -47,6 +47,8 @@ static sldns_lookup_table sldns_algorithms_data[] = { { LDNS_ECC_GOST, "ECC-GOST"}, { LDNS_ECDSAP256SHA256, "ECDSAP256SHA256"}, { LDNS_ECDSAP384SHA384, "ECDSAP384SHA384"}, + { LDNS_ED25519, "ED25519"}, + { LDNS_ED448, "ED448"}, { LDNS_INDIRECT, "INDIRECT" }, { LDNS_PRIVATEDNS, "PRIVATEDNS" }, { LDNS_PRIVATEOID, "PRIVATEOID" }, @@ -165,6 +167,7 @@ static sldns_lookup_table sldns_edns_options_data[] = { { 6, "DHU" }, { 7, "N3U" }, { 8, "edns-client-subnet" }, + { 11, "edns-tcp-keepalive"}, { 12, "Padding" }, { 0, NULL} }; @@ -270,6 +273,12 @@ int sldns_wire2str_rcode_buf(int rcode, char* s, size_t slen) return sldns_wire2str_rcode_print(&s, &slen, rcode); } +int sldns_wire2str_opcode_buf(int opcode, char* s, size_t slen) +{ + /* use arguments as temporary variables */ + return sldns_wire2str_opcode_print(&s, &slen, opcode); +} + int sldns_wire2str_dname_buf(uint8_t* d, size_t dlen, char* s, size_t slen) { /* use arguments as temporary variables */ @@ -1838,6 +1847,25 @@ int sldns_wire2str_edns_subnet_print(char** s, size_t* sl, uint8_t* data, return w; } +int sldns_wire2str_edns_keepalive_print(char** s, size_t* sl, uint8_t* data, + size_t len) +{ + int w = 0; + uint16_t timeout; + if(!(len == 0 || len == 2)) { + w += sldns_str_print(s, sl, "malformed keepalive "); + w += print_hex_buf(s, sl, data, len); + return w; + } + if(len == 0 ) { + w += sldns_str_print(s, sl, "no timeout value (only valid for client option) "); + } else { + timeout = sldns_read_uint16(data); + w += sldns_str_print(s, sl, "timeout value in units of 100ms %u", (int)timeout); + } + return w; +} + int sldns_wire2str_edns_option_print(char** s, size_t* sl, uint16_t option_code, uint8_t* optdata, size_t optlen) { @@ -1866,6 +1894,9 @@ int sldns_wire2str_edns_option_print(char** s, size_t* sl, case LDNS_EDNS_CLIENT_SUBNET: w += sldns_wire2str_edns_subnet_print(s, sl, optdata, optlen); break; + case LDNS_EDNS_KEEPALIVE: + w += sldns_wire2str_edns_keepalive_print(s, sl, optdata, optlen); + break; case LDNS_EDNS_PADDING: w += print_hex_buf(s, sl, optdata, optlen); break; diff --git a/sldns/wire2str.h b/sldns/wire2str.h index c477f06610d8..e0fda92339b9 100644 --- a/sldns/wire2str.h +++ b/sldns/wire2str.h @@ -442,6 +442,17 @@ int sldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len); int sldns_wire2str_rcode_buf(int rcode, char* str, size_t len); /** + * Convert host format opcode to a string. 'QUERY', 'NOTIFY', 'UPDATE'. + * With user buffer. + * @param opcode: opcode as integer in host order + * @param str: the string to write to. + * @param len: length of str. + * @return the number of characters for this element, excluding zerobyte. + * Is larger or equal than str_len if output was truncated. + */ +int sldns_wire2str_opcode_buf(int opcode, char* str, size_t len); + +/** * Convert wire dname to a string, "example.com.". With user buffer. * @param dname: the dname in uncompressed wireformat. * @param dname_len: length of the dname. diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c index eebc0e76ee8a..ddf8b3a750b1 100644 --- a/smallapp/unbound-checkconf.c +++ b/smallapp/unbound-checkconf.c @@ -53,6 +53,8 @@ #include "iterator/iter_hints.h" #include "validator/validator.h" #include "services/localzone.h" +#include "services/view.h" +#include "respip/respip.h" #include "sldns/sbuffer.h" #ifdef HAVE_GETOPT_H #include <getopt.h> @@ -141,6 +143,27 @@ localzonechecks(struct config_file* cfg) local_zones_delete(zs); } +/** check view and response-ip configuration */ +static void +view_and_respipchecks(struct config_file* cfg) +{ + struct views* views = NULL; + struct respip_set* respip = NULL; + int ignored = 0; + if(!(views = views_create())) + fatal_exit("Could not create views: out of memory"); + if(!(respip = respip_set_create())) + fatal_exit("Could not create respip set: out of memory"); + if(!views_apply_cfg(views, cfg)) + fatal_exit("Could not set up views"); + if(!respip_global_apply_cfg(respip, cfg)) + fatal_exit("Could not setup respip set"); + if(!respip_views_apply_cfg(views, cfg, &ignored)) + fatal_exit("Could not setup per-view respip sets"); + views_delete(views); + respip_set_delete(respip); +} + /** emit warnings for IP in hosts */ static void warn_hosts(const char* typ, struct config_stub* list) @@ -406,11 +429,17 @@ morechecks(struct config_file* cfg, const char* fname) /* remove chroot setting so that modules are not stripping pathnames*/ free(cfg->chrootdir); cfg->chrootdir = NULL; - + + /* There should be no reason for 'respip' module not to work with + * dns64, but it's not explicitly confirmed, so the combination is + * excluded below. It's simply unknown yet for the combination of + * respip and other modules. */ if(strcmp(cfg->module_conf, "iterator") != 0 && strcmp(cfg->module_conf, "validator iterator") != 0 && strcmp(cfg->module_conf, "dns64 validator iterator") != 0 && strcmp(cfg->module_conf, "dns64 iterator") != 0 + && strcmp(cfg->module_conf, "respip iterator") != 0 + && strcmp(cfg->module_conf, "respip validator iterator") != 0 #ifdef WITH_PYTHONMODULE && strcmp(cfg->module_conf, "python iterator") != 0 && strcmp(cfg->module_conf, "python validator iterator") != 0 @@ -426,6 +455,8 @@ morechecks(struct config_file* cfg, const char* fname) && strcmp(cfg->module_conf, "cachedb iterator") != 0 && strcmp(cfg->module_conf, "dns64 validator cachedb iterator") != 0 && strcmp(cfg->module_conf, "dns64 cachedb iterator") != 0 +#endif +#if defined(WITH_PYTHONMODULE) && defined(USE_CACHEDB) && strcmp(cfg->module_conf, "python dns64 cachedb iterator") != 0 && strcmp(cfg->module_conf, "python dns64 validator cachedb iterator") != 0 && strcmp(cfg->module_conf, "dns64 python cachedb iterator") != 0 @@ -436,6 +467,18 @@ morechecks(struct config_file* cfg, const char* fname) && strcmp(cfg->module_conf, "validator cachedb python iterator") != 0 && strcmp(cfg->module_conf, "validator python cachedb iterator") != 0 #endif +#ifdef CLIENT_SUBNET + && strcmp(cfg->module_conf, "subnetcache iterator") != 0 + && strcmp(cfg->module_conf, "subnetcache validator iterator") != 0 +#endif +#if defined(WITH_PYTHONMODULE) && defined(CLIENT_SUBNET) + && strcmp(cfg->module_conf, "python subnetcache iterator") != 0 + && strcmp(cfg->module_conf, "subnetcache python iterator") != 0 + && strcmp(cfg->module_conf, "subnetcache validator iterator") != 0 + && strcmp(cfg->module_conf, "python subnetcache validator iterator") != 0 + && strcmp(cfg->module_conf, "subnetcache python validator iterator") != 0 + && strcmp(cfg->module_conf, "subnetcache validator python iterator") != 0 +#endif ) { fatal_exit("module conf '%s' is not known to work", cfg->module_conf); @@ -464,6 +507,7 @@ morechecks(struct config_file* cfg, const char* fname) } localzonechecks(cfg); + view_and_respipchecks(cfg); } /** check forwards */ diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index af4b45ee7820..6cd4e70861f0 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -58,7 +58,17 @@ #include "util/config_file.h" #include "util/locks.h" #include "util/net_help.h" +#include "util/shm_side/shm_main.h" +#include "daemon/stats.h" +#include "sldns/wire2str.h" +#include "sldns/pkthdr.h" +#ifdef HAVE_SYS_IPC_H +#include "sys/ipc.h" +#endif +#ifdef HAVE_SYS_SHM_H +#include "sys/shm.h" +#endif #ifdef HAVE_SYS_UN_H #include <sys/un.h> #endif @@ -81,6 +91,9 @@ usage(void) printf(" (this flushes data, stats, requestlist)\n"); printf(" stats print statistics\n"); printf(" stats_noreset peek at statistics\n"); +#ifdef HAVE_SHMGET + printf(" stats_shm print statistics using shm\n"); +#endif printf(" status display status of server\n"); printf(" verbosity <number> change logging detail\n"); printf(" log_reopen close and open the logfile\n"); @@ -89,6 +102,9 @@ usage(void) printf(" local_data <RR data...> add local data, for example\n"); printf(" local_data www.example.com A 192.0.2.1\n"); printf(" local_data_remove <name> remove local RR data from name\n"); + printf(" local_zones, local_zones_remove, local_datas, local_datas_remove\n"); + printf(" same, but read list from stdin\n"); + printf(" (one entry per line).\n"); printf(" dump_cache print cache to stdout\n"); printf(" load_cache load cache from stdin\n"); printf(" lookup <name> print nameservers for name\n"); @@ -138,6 +154,256 @@ usage(void) exit(1); } +#ifdef HAVE_SHMGET +/** what to put on statistics lines between var and value, ": " or "=" */ +#define SQ "=" +/** if true, inhibits a lot of =0 lines from the stats output */ +static const int inhibit_zero = 1; +/** divide sum of timers to get average */ +static void +timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d) +{ +#ifndef S_SPLINT_S + size_t leftover; + if(d == 0) { + avg->tv_sec = 0; + avg->tv_usec = 0; + return; + } + avg->tv_sec = sum->tv_sec / d; + avg->tv_usec = sum->tv_usec / d; + /* handle fraction from seconds divide */ + leftover = sum->tv_sec - avg->tv_sec*d; + avg->tv_usec += (leftover*1000000)/d; +#endif +} + +/** print unsigned long stats value */ +#define PR_UL_NM(str, var) printf("%s."str SQ"%lu\n", nm, (unsigned long)(var)); +#define PR_UL(str, var) printf(str SQ"%lu\n", (unsigned long)(var)); +#define PR_UL_SUB(str, nm, var) printf(str".%s"SQ"%lu\n", nm, (unsigned long)(var)); +#define PR_TIMEVAL(str, var) printf(str SQ ARG_LL "d.%6.6d\n", \ + (long long)var.tv_sec, (int)var.tv_usec); +#define PR_LL(str, var) printf(str SQ ARG_LL"d\n", (long long)(var)); + +/** print stat block */ +static void pr_stats(const char* nm, struct stats_info* s) +{ + struct timeval avg; + PR_UL_NM("num.queries", s->svr.num_queries); + PR_UL_NM("num.queries_ip_ratelimited", + s->svr.num_queries_ip_ratelimited); + PR_UL_NM("num.cachehits", + s->svr.num_queries - s->svr.num_queries_missed_cache); + PR_UL_NM("num.cachemiss", s->svr.num_queries_missed_cache); + PR_UL_NM("num.prefetch", s->svr.num_queries_prefetch); + PR_UL_NM("num.zero_ttl", s->svr.zero_ttl_responses); + PR_UL_NM("num.recursivereplies", s->mesh_replies_sent); +#ifdef USE_DNSCRYPT + PR_UL_NM("num.dnscrypt.crypted", s->svr.num_query_dnscrypt_crypted); + PR_UL_NM("num.dnscrypt.cert", s->svr.num_query_dnscrypt_cert); + PR_UL_NM("num.dnscrypt.cleartext", s->svr.num_query_dnscrypt_cleartext); + PR_UL_NM("num.dnscrypt.malformed", + s->svr.num_query_dnscrypt_crypted_malformed); +#endif + printf("%s.requestlist.avg"SQ"%g\n", nm, + (s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)? + (double)s->svr.sum_query_list_size/ + (s->svr.num_queries_missed_cache+ + s->svr.num_queries_prefetch) : 0.0); + PR_UL_NM("requestlist.max", s->svr.max_query_list_size); + PR_UL_NM("requestlist.overwritten", s->mesh_jostled); + PR_UL_NM("requestlist.exceeded", s->mesh_dropped); + PR_UL_NM("requestlist.current.all", s->mesh_num_states); + PR_UL_NM("requestlist.current.user", s->mesh_num_reply_states); + timeval_divide(&avg, &s->mesh_replies_sum_wait, s->mesh_replies_sent); + printf("%s.", nm); + PR_TIMEVAL("recursion.time.avg", avg); + printf("%s.recursion.time.median"SQ"%g\n", nm, s->mesh_time_median); + PR_UL_NM("tcpusage", s->svr.tcp_accept_usage); +} + +/** print uptime */ +static void print_uptime(struct shm_stat_info* shm_stat) +{ + PR_TIMEVAL("time.now", shm_stat->time.now); + PR_TIMEVAL("time.up", shm_stat->time.up); + PR_TIMEVAL("time.elapsed", shm_stat->time.elapsed); +} + +/** print memory usage */ +static void print_mem(struct shm_stat_info* shm_stat) +{ + PR_LL("mem.cache.rrset", shm_stat->mem.rrset); + PR_LL("mem.cache.message", shm_stat->mem.msg); + PR_LL("mem.cache.iterator", shm_stat->mem.iter); + PR_LL("mem.cache.validator", shm_stat->mem.val); +#ifdef CLIENT_SUBNET + PR_LL("mem.cache.subnet", shm_stat->mem.subnet); +#endif +} + +/** print histogram */ +static void print_hist(struct stats_info* s) +{ + struct timehist* hist; + size_t i; + hist = timehist_setup(); + if(!hist) + fatal_exit("out of memory"); + timehist_import(hist, s->svr.hist, NUM_BUCKETS_HIST); + for(i=0; i<hist->num; i++) { + printf("histogram.%6.6d.%6.6d.to.%6.6d.%6.6d=%lu\n", + (int)hist->buckets[i].lower.tv_sec, + (int)hist->buckets[i].lower.tv_usec, + (int)hist->buckets[i].upper.tv_sec, + (int)hist->buckets[i].upper.tv_usec, + (unsigned long)hist->buckets[i].count); + } + timehist_delete(hist); +} + +/** print extended */ +static void print_extended(struct stats_info* s) +{ + int i; + char nm[16]; + + /* TYPE */ + for(i=0; i<STATS_QTYPE_NUM; i++) { + if(inhibit_zero && s->svr.qtype[i] == 0) + continue; + sldns_wire2str_type_buf((uint16_t)i, nm, sizeof(nm)); + PR_UL_SUB("num.query.type", nm, s->svr.qtype[i]); + } + if(!inhibit_zero || s->svr.qtype_big) { + PR_UL("num.query.type.other", s->svr.qtype_big); + } + + /* CLASS */ + for(i=0; i<STATS_QCLASS_NUM; i++) { + if(inhibit_zero && s->svr.qclass[i] == 0) + continue; + sldns_wire2str_class_buf((uint16_t)i, nm, sizeof(nm)); + PR_UL_SUB("num.query.class", nm, s->svr.qclass[i]); + } + if(!inhibit_zero || s->svr.qclass_big) { + PR_UL("num.query.class.other", s->svr.qclass_big); + } + + /* OPCODE */ + for(i=0; i<STATS_OPCODE_NUM; i++) { + if(inhibit_zero && s->svr.qopcode[i] == 0) + continue; + sldns_wire2str_opcode_buf(i, nm, sizeof(nm)); + PR_UL_SUB("num.query.opcode", nm, s->svr.qopcode[i]); + } + + /* transport */ + PR_UL("num.query.tcp", s->svr.qtcp); + PR_UL("num.query.tcpout", s->svr.qtcp_outgoing); + PR_UL("num.query.ipv6", s->svr.qipv6); + + /* flags */ + PR_UL("num.query.flags.QR", s->svr.qbit_QR); + PR_UL("num.query.flags.AA", s->svr.qbit_AA); + PR_UL("num.query.flags.TC", s->svr.qbit_TC); + PR_UL("num.query.flags.RD", s->svr.qbit_RD); + PR_UL("num.query.flags.RA", s->svr.qbit_RA); + PR_UL("num.query.flags.Z", s->svr.qbit_Z); + PR_UL("num.query.flags.AD", s->svr.qbit_AD); + PR_UL("num.query.flags.CD", s->svr.qbit_CD); + PR_UL("num.query.edns.present", s->svr.qEDNS); + PR_UL("num.query.edns.DO", s->svr.qEDNS_DO); + + /* RCODE */ + for(i=0; i<STATS_RCODE_NUM; i++) { + /* Always include RCODEs 0-5 */ + if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0) + continue; + sldns_wire2str_rcode_buf(i, nm, sizeof(nm)); + PR_UL_SUB("num.answer.rcode", nm, s->svr.ans_rcode[i]); + } + if(!inhibit_zero || s->svr.ans_rcode_nodata) { + PR_UL("num.answer.rcode.nodata", s->svr.ans_rcode_nodata); + } + /* validation */ + PR_UL("num.answer.secure", s->svr.ans_secure); + PR_UL("num.answer.bogus", s->svr.ans_bogus); + PR_UL("num.rrset.bogus", s->svr.rrset_bogus); + /* threat detection */ + PR_UL("unwanted.queries", s->svr.unwanted_queries); + PR_UL("unwanted.replies", s->svr.unwanted_replies); + /* cache counts */ + PR_UL("msg.cache.count", s->svr.msg_cache_count); + PR_UL("rrset.cache.count", s->svr.rrset_cache_count); + PR_UL("infra.cache.count", s->svr.infra_cache_count); + PR_UL("key.cache.count", s->svr.key_cache_count); +} + +/** print statistics out of memory structures */ +static void do_stats_shm(struct config_file* cfg, struct stats_info* stats, + struct shm_stat_info* shm_stat) +{ + int i; + char nm[16]; + for(i=0; i<cfg->num_threads; i++) { + snprintf(nm, sizeof(nm), "thread%d", i); + pr_stats(nm, &stats[i+1]); + } + pr_stats("total", &stats[0]); + print_uptime(shm_stat); + if(cfg->stat_extended) { + print_mem(shm_stat); + print_hist(stats); + print_extended(stats); + } +} +#endif /* HAVE_SHMGET */ + +/** print statistics from shm memory segment */ +static void print_stats_shm(const char* cfgfile) +{ +#ifdef HAVE_SHMGET + struct config_file* cfg; + struct stats_info* stats; + struct shm_stat_info* shm_stat; + int id_ctl, id_arr; + /* read config */ + if(!(cfg = config_create())) + fatal_exit("out of memory"); + if(!config_read(cfg, cfgfile, NULL)) + fatal_exit("could not read config file"); + /* get shm segments */ + id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R|SHM_W); + if(id_ctl == -1) { + fatal_exit("shmget(%d): %s", cfg->shm_key, strerror(errno)); + } + id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R|SHM_W); + if(id_arr == -1) { + fatal_exit("shmget(%d): %s", cfg->shm_key+1, strerror(errno)); + } + shm_stat = (struct shm_stat_info*)shmat(id_ctl, NULL, 0); + if(shm_stat == (void*)-1) { + fatal_exit("shmat(%d): %s", id_ctl, strerror(errno)); + } + stats = (struct stats_info*)shmat(id_arr, NULL, 0); + if(stats == (void*)-1) { + fatal_exit("shmat(%d): %s", id_arr, strerror(errno)); + } + + /* print the stats */ + do_stats_shm(cfg, stats, shm_stat); + + /* shutdown */ + shmdt(shm_stat); + shmdt(stats); + config_delete(cfg); +#else + (void)cfgfile; +#endif /* HAVE_SHMGET */ +} + /** exit with ssl error */ static void ssl_err(const char* s) { @@ -160,13 +426,13 @@ setup_ctx(struct config_file* cfg) if(!s_cert || !c_key || !c_cert) fatal_exit("out of memory"); } - ctx = SSL_CTX_new(SSLv23_client_method()); + ctx = SSL_CTX_new(SSLv23_client_method()); if(!ctx) ssl_err("could not allocate SSL_CTX pointer"); - if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) + if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) != SSL_OP_NO_SSLv2) ssl_err("could not set SSL_OP_NO_SSLv2"); - if(cfg->remote_control_use_cert) { + if(cfg->remote_control_use_cert) { if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) != SSL_OP_NO_SSLv3) ssl_err("could not set SSL_OP_NO_SSLv3"); @@ -441,44 +707,10 @@ int main(int argc, char* argv[]) log_init(NULL, 0, NULL); checklock_start(); #ifdef USE_WINSOCK - if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) - fatal_exit("WSAStartup failed: %s", wsa_strerror(r)); /* use registry config file in preference to compiletime location */ if(!(cfgfile=w_lookup_reg_str("Software\\Unbound", "ConfigFile"))) cfgfile = CONFIGFILE; #endif - -#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS - ERR_load_crypto_strings(); -#endif - ERR_load_SSL_strings(); -#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) - OpenSSL_add_all_algorithms(); -#else - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS - | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); -#endif -#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) - (void)SSL_library_init(); -#else - (void)OPENSSL_init_ssl(0, NULL); -#endif - - if(!RAND_status()) { - /* try to seed it */ - unsigned char buf[256]; - unsigned int seed=(unsigned)time(NULL) ^ (unsigned)getpid(); - unsigned int v = seed; - size_t i; - for(i=0; i<256/sizeof(v); i++) { - memmove(buf+i*sizeof(v), &v, sizeof(v)); - v = v*seed + (unsigned int)i; - } - RAND_seed(buf, 256); - log_warn("no entropy, seeding openssl PRNG with time\n"); - } - /* parse the options */ while( (c=getopt(argc, argv, "c:s:qh")) != -1) { switch(c) { @@ -508,11 +740,51 @@ int main(int argc, char* argv[]) strerror(errno)); } } + if(argc >= 1 && strcmp(argv[0], "stats_shm")==0) { + print_stats_shm(cfgfile); + return 0; + } + +#ifdef USE_WINSOCK + if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) + fatal_exit("WSAStartup failed: %s", wsa_strerror(r)); +#endif + +#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS + ERR_load_crypto_strings(); +#endif + ERR_load_SSL_strings(); +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) + OpenSSL_add_all_algorithms(); +#else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); +#endif +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) + (void)SSL_library_init(); +#else + (void)OPENSSL_init_ssl(0, NULL); +#endif + + if(!RAND_status()) { + /* try to seed it */ + unsigned char buf[256]; + unsigned int seed=(unsigned)time(NULL) ^ (unsigned)getpid(); + unsigned int v = seed; + size_t i; + for(i=0; i<256/sizeof(v); i++) { + memmove(buf+i*sizeof(v), &v, sizeof(v)); + v = v*seed + (unsigned int)i; + } + RAND_seed(buf, 256); + log_warn("no entropy, seeding openssl PRNG with time\n"); + } ret = go(cfgfile, svr, quiet, argc, argv); #ifdef USE_WINSOCK - WSACleanup(); + WSACleanup(); #endif checklock_stop(); return ret; diff --git a/testcode/do-tests.sh b/testcode/do-tests.sh index 6ea12cd2f336..e356d4fc312c 100755 --- a/testcode/do-tests.sh +++ b/testcode/do-tests.sh @@ -9,6 +9,7 @@ NEED_CURL='06-ianaports.tpkg root_anchor.tpkg' NEED_WHOAMI='07-confroot.tpkg' NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg edns_cache.tpkg' NEED_NOMINGW='tcp_sigpipe.tpkg 07-confroot.tpkg 08-host-lib.tpkg fwd_ancil.tpkg' +NEED_DNSCRYPT_PROXY='dnscrypt_queries.tpkg' # test if dig and ldns-testns are available. test_tool_avail "dig" @@ -39,6 +40,7 @@ for test in `ls *.tpkg`; do skip_if_in_list $test "$NEED_XXD" "xxd" skip_if_in_list $test "$NEED_NC" "nc" skip_if_in_list $test "$NEED_WHOAMI" "whoami" + skip_if_in_list $test "$NEED_DNSCRYPT_PROXY" "dnscrypt-proxy" if echo $NEED_IPV6 | grep $test >/dev/null; then if test "$HAVE_IPV6" = no; then diff --git a/testcode/fake_event.c b/testcode/fake_event.c index 2072089381f7..154013a8c8e3 100644 --- a/testcode/fake_event.c +++ b/testcode/fake_event.c @@ -1070,8 +1070,13 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, sldns_buffer_write_u16(pend->buffer, qinfo->qclass); sldns_buffer_flip(pend->buffer); if(1) { - /* add edns */ struct edns_data edns; + if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, + zone, zonelen, qstate, qstate->region)) { + free(pend); + return NULL; + } + /* add edns */ edns.edns_present = 1; edns.ext_rcode = 0; edns.edns_version = EDNS_ADVERTISED_VERSION; diff --git a/testcode/testbound.c b/testcode/testbound.c index 00502eea8849..180b2c256a49 100644 --- a/testcode/testbound.c +++ b/testcode/testbound.c @@ -73,9 +73,11 @@ testbound_usage(void) printf("\ttest the unbound daemon.\n"); printf("-h this help\n"); printf("-p file playback text file\n"); + printf("-1 detect SHA1 support (exit code 0 or 1)\n"); printf("-2 detect SHA256 support (exit code 0 or 1)\n"); printf("-g detect GOST support (exit code 0 or 1)\n"); printf("-e detect ECDSA support (exit code 0 or 1)\n"); + printf("-c detect CLIENT_SUBNET support (exit code 0 or 1)\n"); printf("-s testbound self-test - unit test of testbound parts.\n"); printf("-o str unbound commandline options separated by spaces.\n"); printf("Version %s\n", PACKAGE_VERSION); @@ -279,12 +281,21 @@ main(int argc, char* argv[]) pass_argc = 1; pass_argv[0] = "unbound"; add_opts("-d", &pass_argc, pass_argv); - while( (c=getopt(argc, argv, "2egho:p:s")) != -1) { + while( (c=getopt(argc, argv, "12egho:p:s")) != -1) { switch(c) { case 's': free(pass_argv[1]); testbound_selftest(); exit(0); + case '1': +#ifdef USE_SHA1 + printf("SHA1 supported\n"); + exit(0); +#else + printf("SHA1 not supported\n"); + exit(1); +#endif + break; case '2': #if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) printf("SHA256 supported\n"); @@ -317,6 +328,15 @@ main(int argc, char* argv[]) exit(1); #endif break; + case 'c': +#ifdef CLIENT_SUBNET + printf("CLIENT_SUBNET supported\n"); + exit(0); +#else + printf("CLIENT_SUBNET not supported\n"); + exit(1); +#endif + break; case 'p': playback_file = optarg; break; diff --git a/testcode/testpkts.c b/testcode/testpkts.c index c9ad9d069b56..e1a7768abed0 100644 --- a/testcode/testpkts.c +++ b/testcode/testpkts.c @@ -98,6 +98,7 @@ entry_add_reply(struct entry* entry) pkt->packet_sleep = 0; pkt->reply_pkt = NULL; pkt->reply_from_hex = NULL; + pkt->raw_ednsdata = NULL; /* link at end */ while(*p) p = &((*p)->next); @@ -118,6 +119,12 @@ static void matchline(char* line, struct entry* e) e->match_qtype = 1; } else if(str_keyword(&parse, "qname")) { e->match_qname = 1; + } else if(str_keyword(&parse, "rcode")) { + e->match_rcode = 1; + } else if(str_keyword(&parse, "question")) { + e->match_question = 1; + } else if(str_keyword(&parse, "answer")) { + e->match_answer = 1; } else if(str_keyword(&parse, "subdomain")) { e->match_subdomain = 1; } else if(str_keyword(&parse, "all")) { @@ -128,6 +135,8 @@ static void matchline(char* line, struct entry* e) e->match_do = 1; } else if(str_keyword(&parse, "noedns")) { e->match_noedns = 1; + } else if(str_keyword(&parse, "ednsdata")) { + e->match_ednsdata_raw = 1; } else if(str_keyword(&parse, "UDP")) { e->match_transport = transport_udp; } else if(str_keyword(&parse, "TCP")) { @@ -224,6 +233,8 @@ static void adjustline(char* line, struct entry* e, e->copy_id = 1; } else if(str_keyword(&parse, "copy_query")) { e->copy_query = 1; + } else if(str_keyword(&parse, "copy_ednsdata_assume_clientsubnet")) { + e->copy_ednsdata_assume_clientsubnet = 1; } else if(str_keyword(&parse, "sleep=")) { e->sleeptime = (unsigned int) strtol(parse, (char**)&parse, 10); while(isspace((unsigned char)*parse)) @@ -247,6 +258,9 @@ static struct entry* new_entry(void) e->match_opcode = 0; e->match_qtype = 0; e->match_qname = 0; + e->match_rcode = 0; + e->match_question = 0; + e->match_answer = 0; e->match_subdomain = 0; e->match_all = 0; e->match_ttl = 0; @@ -258,6 +272,7 @@ static struct entry* new_entry(void) e->reply_list = NULL; e->copy_id = 0; e->copy_query = 0; + e->copy_ednsdata_assume_clientsubnet = 0; e->sleeptime = 0; e->next = NULL; return e; @@ -475,25 +490,28 @@ static void add_rr(char* rrstr, uint8_t* pktbuf, size_t pktsize, else error("internal error bad section %d", (int)add_section); } -/* add EDNS 4096 DO opt record */ +/* add EDNS 4096 opt record */ static void -add_do_flag(uint8_t* pktbuf, size_t pktsize, size_t* pktlen) +add_edns(uint8_t* pktbuf, size_t pktsize, int do_flag, uint8_t *ednsdata, + uint16_t ednslen, size_t* pktlen) { uint8_t edns[] = {0x00, /* root label */ 0x00, LDNS_RR_TYPE_OPT, /* type */ 0x10, 0x00, /* class is UDPSIZE 4096 */ 0x00, /* TTL[0] is ext rcode */ 0x00, /* TTL[1] is edns version */ - 0x80, 0x00, /* TTL[2-3] is edns flags, DO */ - 0x00, 0x00 /* rdatalength (0 options) */ + (uint8_t)(do_flag?0x80:0x00), 0x00, /* TTL[2-3] is edns flags, DO */ + (uint8_t)((ednslen >> 8) & 0xff), + (uint8_t)(ednslen & 0xff), /* rdatalength */ }; if(*pktlen < LDNS_HEADER_SIZE) return; - if(*pktlen + sizeof(edns) > pktsize) + if(*pktlen + sizeof(edns) + ednslen > pktsize) error("not enough space for EDNS OPT record"); memmove(pktbuf+*pktlen, edns, sizeof(edns)); + memmove(pktbuf+*pktlen+sizeof(edns), ednsdata, ednslen); sldns_write_uint16(pktbuf+10, LDNS_ARCOUNT(pktbuf)+1); - *pktlen += sizeof(edns); + *pktlen += (sizeof(edns) + ednslen); } /* Reads one entry from file. Returns entry or NULL on error. */ @@ -507,7 +525,9 @@ read_entry(FILE* in, const char* name, struct sldns_file_parse_state* pstate, sldns_pkt_section add_section = LDNS_SECTION_QUESTION; struct reply_packet *cur_reply = NULL; int reading_hex = 0; + int reading_hex_ednsdata = 0; sldns_buffer* hex_data_buffer = NULL; + sldns_buffer* hex_ednsdata_buffer = NULL; uint8_t pktbuf[MAX_PACKETLEN]; size_t pktlen = LDNS_HEADER_SIZE; int do_flag = 0; /* DO flag in EDNS */ @@ -574,21 +594,45 @@ read_entry(FILE* in, const char* name, struct sldns_file_parse_state* pstate, cur_reply->reply_from_hex = hex_buffer2wire(hex_data_buffer); sldns_buffer_free(hex_data_buffer); hex_data_buffer = NULL; + } else if(reading_hex) { + sldns_buffer_printf(hex_data_buffer, "%s", line); + } else if(str_keyword(&parse, "HEX_EDNSDATA_BEGIN")) { + hex_ednsdata_buffer = sldns_buffer_new(MAX_PACKETLEN); + reading_hex_ednsdata = 1; + } else if(str_keyword(&parse, "HEX_EDNSDATA_END")) { + if (!reading_hex_ednsdata) { + error("%s line %d: HEX_EDNSDATA_END read but no" + "HEX_EDNSDATA_BEGIN keyword seen", name, pstate->lineno); + } + reading_hex_ednsdata = 0; + cur_reply->raw_ednsdata = hex_buffer2wire(hex_ednsdata_buffer); + sldns_buffer_free(hex_ednsdata_buffer); + hex_ednsdata_buffer = NULL; + } else if(reading_hex_ednsdata) { + sldns_buffer_printf(hex_ednsdata_buffer, "%s", line); } else if(str_keyword(&parse, "ENTRY_END")) { if(hex_data_buffer) sldns_buffer_free(hex_data_buffer); + if(hex_ednsdata_buffer) + sldns_buffer_free(hex_ednsdata_buffer); if(pktlen != 0) { - if(do_flag) - add_do_flag(pktbuf, sizeof(pktbuf), - &pktlen); + if(do_flag || cur_reply->raw_ednsdata) { + if(cur_reply->raw_ednsdata && + sldns_buffer_limit(cur_reply->raw_ednsdata)) + add_edns(pktbuf, sizeof(pktbuf), do_flag, + sldns_buffer_begin(cur_reply->raw_ednsdata), + (uint16_t)sldns_buffer_limit(cur_reply->raw_ednsdata), + &pktlen); + else + add_edns(pktbuf, sizeof(pktbuf), do_flag, + NULL, 0, &pktlen); + } cur_reply->reply_pkt = memdup(pktbuf, pktlen); cur_reply->reply_len = pktlen; if(!cur_reply->reply_pkt) error("out of memory"); } return current; - } else if(reading_hex) { - sldns_buffer_printf(hex_data_buffer, "%s", line); } else { add_rr(skip_whitespace?parse:line, pktbuf, sizeof(pktbuf), &pktlen, pstate, add_section, @@ -596,10 +640,14 @@ read_entry(FILE* in, const char* name, struct sldns_file_parse_state* pstate, } } - if (reading_hex) { + if(reading_hex) { error("%s: End of file reached while still reading hex, " "missing HEX_ANSWER_END\n", name); } + if(reading_hex_ednsdata) { + error("%s: End of file reached while still reading edns data, " + "missing HEX_EDNSDATA_END\n", name); + } if(current) { error("%s: End of file reached while reading entry. " "missing ENTRY_END\n", name); @@ -691,6 +739,14 @@ static int get_opcode(uint8_t* pkt, size_t pktlen) return (int)LDNS_OPCODE_WIRE(pkt); } +/** returns rcode from packet */ +static int get_rcode(uint8_t* pkt, size_t pktlen) +{ + if(pktlen < LDNS_HEADER_SIZE) + return 0; + return (int)LDNS_RCODE_WIRE(pkt); +} + /** get authority section SOA serial value */ static uint32_t get_serial(uint8_t* p, size_t plen) { @@ -761,16 +817,16 @@ pkt_find_edns_opt(uint8_t** p, size_t* plen) wlen -= LDNS_HEADER_SIZE; /* skip other records with wire2str_scan */ - for(i=0; i < LDNS_QDCOUNT(p); i++) + for(i=0; i < LDNS_QDCOUNT(*p); i++) (void)sldns_wire2str_rrquestion_scan(&w, &wlen, &snull, &sl, *p, *plen); - for(i=0; i < LDNS_ANCOUNT(p); i++) + for(i=0; i < LDNS_ANCOUNT(*p); i++) (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); - for(i=0; i < LDNS_NSCOUNT(p); i++) + for(i=0; i < LDNS_NSCOUNT(*p); i++) (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); /* walk through additional section */ - for(i=0; i < LDNS_ARCOUNT(p); i++) { + for(i=0; i < LDNS_ARCOUNT(*p); i++) { /* if this is OPT then done */ uint8_t* dstart = w; size_t dlen = wlen; @@ -802,8 +858,8 @@ get_do_flag(uint8_t* pkt, size_t len) uint16_t edns_bits; uint8_t* walk = pkt; size_t walk_len = len; - if(pkt_find_edns_opt(&walk, &walk_len)) { - return 1; + if(!pkt_find_edns_opt(&walk, &walk_len)) { + return 0; } if(walk_len < 6) return 0; /* malformed */ @@ -1086,6 +1142,138 @@ static void lowercase_pkt(uint8_t* pkt, size_t pktlen) } } +/** match question section of packet */ +static int +match_question(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl) +{ + char* qstr, *pstr, *s, *qcmpstr, *pcmpstr; + uint8_t* qb = q, *pb = p; + int r; + /* zero TTLs */ + qb = memdup(q, qlen); + pb = memdup(p, plen); + if(!qb || !pb) error("out of memory"); + if(!mttl) { + zerottls(qb, qlen); + zerottls(pb, plen); + } + lowercase_pkt(qb, qlen); + lowercase_pkt(pb, plen); + qstr = sldns_wire2str_pkt(qb, qlen); + pstr = sldns_wire2str_pkt(pb, plen); + if(!qstr || !pstr) error("cannot pkt2string"); + + /* remove before ;; QUESTION */ + s = strstr(qstr, ";; QUESTION SECTION"); + qcmpstr = s; + s = strstr(pstr, ";; QUESTION SECTION"); + pcmpstr = s; + if(!qcmpstr && !pcmpstr) { + free(qstr); + free(pstr); + free(qb); + free(pb); + return 1; + } + if(!qcmpstr || !pcmpstr) { + free(qstr); + free(pstr); + free(qb); + free(pb); + return 0; + } + + /* remove after answer section, (;; AUTH, ;; ADD, ;; MSG size ..) */ + s = strstr(qcmpstr, ";; ANSWER SECTION"); + if(!s) s = strstr(qcmpstr, ";; AUTHORITY SECTION"); + if(!s) s = strstr(qcmpstr, ";; ADDITIONAL SECTION"); + if(!s) s = strstr(qcmpstr, ";; MSG SIZE"); + if(s) *s = 0; + s = strstr(pcmpstr, ";; ANSWER SECTION"); + if(!s) s = strstr(pcmpstr, ";; AUTHORITY SECTION"); + if(!s) s = strstr(pcmpstr, ";; ADDITIONAL SECTION"); + if(!s) s = strstr(pcmpstr, ";; MSG SIZE"); + if(s) *s = 0; + + r = (strcmp(qcmpstr, pcmpstr) == 0); + + if(!r) { + verbose(3, "mismatch question section '%s' and '%s'", + qcmpstr, pcmpstr); + } + + free(qstr); + free(pstr); + free(qb); + free(pb); + return r; +} + +/** match answer section of packet */ +static int +match_answer(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl) +{ + char* qstr, *pstr, *s, *qcmpstr, *pcmpstr; + uint8_t* qb = q, *pb = p; + int r; + /* zero TTLs */ + qb = memdup(q, qlen); + pb = memdup(p, plen); + if(!qb || !pb) error("out of memory"); + if(!mttl) { + zerottls(qb, qlen); + zerottls(pb, plen); + } + lowercase_pkt(qb, qlen); + lowercase_pkt(pb, plen); + qstr = sldns_wire2str_pkt(qb, qlen); + pstr = sldns_wire2str_pkt(pb, plen); + if(!qstr || !pstr) error("cannot pkt2string"); + + /* remove before ;; ANSWER */ + s = strstr(qstr, ";; ANSWER SECTION"); + qcmpstr = s; + s = strstr(pstr, ";; ANSWER SECTION"); + pcmpstr = s; + if(!qcmpstr && !pcmpstr) { + free(qstr); + free(pstr); + free(qb); + free(pb); + return 1; + } + if(!qcmpstr || !pcmpstr) { + free(qstr); + free(pstr); + free(qb); + free(pb); + return 0; + } + + /* remove after answer section, (;; AUTH, ;; ADD, ;; MSG size ..) */ + s = strstr(qcmpstr, ";; AUTHORITY SECTION"); + if(!s) s = strstr(qcmpstr, ";; ADDITIONAL SECTION"); + if(!s) s = strstr(qcmpstr, ";; MSG SIZE"); + if(s) *s = 0; + s = strstr(pcmpstr, ";; AUTHORITY SECTION"); + if(!s) s = strstr(pcmpstr, ";; ADDITIONAL SECTION"); + if(!s) s = strstr(pcmpstr, ";; MSG SIZE"); + if(s) *s = 0; + + r = (strcmp(qcmpstr, pcmpstr) == 0); + + if(!r) { + verbose(3, "mismatch answer section '%s' and '%s'", + qcmpstr, pcmpstr); + } + + free(qstr); + free(pstr); + free(qb); + free(pb); + return r; +} + /** match all of the packet */ int match_all(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl, @@ -1128,6 +1316,9 @@ match_all(uint8_t* q, size_t qlen, uint8_t* p, size_t plen, int mttl, /* check for reordered sections */ r = match_noloc(qstr, pstr, q, qlen, p, plen); } + if(!r) { + verbose(3, "mismatch pkt '%s' and '%s'", qstr, pstr); + } free(qstr); free(pstr); free(qb); @@ -1186,6 +1377,31 @@ static int subdomain_dname(uint8_t* q, size_t qlen, uint8_t* p, size_t plen) return 0; } +/** Match OPT RDATA (not the EDNS payload size or flags) */ +static int +match_ednsdata(uint8_t* q, size_t qlen, uint8_t* p, size_t plen) +{ + uint8_t* walk_q = q; + size_t walk_qlen = qlen; + uint8_t* walk_p = p; + size_t walk_plen = plen; + + if(!pkt_find_edns_opt(&walk_q, &walk_qlen)) + walk_qlen = 0; + if(!pkt_find_edns_opt(&walk_p, &walk_plen)) + walk_plen = 0; + + /* class + ttl + rdlen = 8 */ + if(walk_qlen <= 8 && walk_plen <= 8) { + verbose(3, "NO edns opt, move on"); + return 1; + } + if(walk_qlen != walk_plen) + return 0; + + return (memcmp(walk_p+8, walk_q+8, walk_qlen-8) == 0); +} + /* finds entry in list, or returns NULL */ struct entry* find_match(struct entry* entries, uint8_t* query_pkt, size_t len, @@ -1214,6 +1430,31 @@ find_match(struct entry* entries, uint8_t* query_pkt, size_t len, continue; } } + if(p->match_rcode) { + if(get_rcode(query_pkt, len) != get_rcode(reply, rlen)) { + char *r1 = sldns_wire2str_rcode(get_rcode(query_pkt, len)); + char *r2 = sldns_wire2str_rcode(get_rcode(reply, rlen)); + verbose(3, "bad rcode %s instead of %s\n", + r1, r2); + free(r1); + free(r2); + continue; + } + } + if(p->match_question) { + if(!match_question(query_pkt, len, reply, rlen, + (int)p->match_ttl)) { + verbose(3, "bad question section\n"); + continue; + } + } + if(p->match_answer) { + if(!match_answer(query_pkt, len, reply, rlen, + (int)p->match_ttl)) { + verbose(3, "bad answer section\n"); + continue; + } + } if(p->match_subdomain) { if(!subdomain_dname(query_pkt, len, reply, rlen)) { verbose(3, "bad subdomain\n"); @@ -1232,6 +1473,11 @@ find_match(struct entry* entries, uint8_t* query_pkt, size_t len, verbose(3, "bad; EDNS OPT present\n"); continue; } + if(p->match_ednsdata_raw && + !match_ednsdata(query_pkt, len, reply, rlen)) { + verbose(3, "bad EDNS data match.\n"); + continue; + } if(p->match_transport != transport_any && p->match_transport != transport) { verbose(3, "bad transport\n"); continue; @@ -1317,6 +1563,29 @@ adjust_packet(struct entry* match, uint8_t** answer_pkt, size_t *answer_len, if(match->copy_id && reslen >= 1) res[0] = orig[0]; + if(match->copy_ednsdata_assume_clientsubnet) { + /** Assume there is only one EDNS option, which is ECS. + * Copy source mask from query to scope mask in reply. Assume + * rest of ECS data in response (eg address) matches the query. + */ + uint8_t* walk_q = orig; + size_t walk_qlen = origlen; + uint8_t* walk_p = res; + size_t walk_plen = reslen; + + if(!pkt_find_edns_opt(&walk_q, &walk_qlen)) { + walk_qlen = 0; + } + if(!pkt_find_edns_opt(&walk_p, &walk_plen)) { + walk_plen = 0; + } + /* class + ttl + rdlen + optcode + optlen + ecs fam + ecs source + * + ecs scope = index 15 */ + if(walk_qlen >= 15 && walk_plen >= 15) { + walk_p[15] = walk_q[14]; + } + } + if(match->sleeptime > 0) { verbose(3, "sleeping for %d seconds\n", match->sleeptime); #ifdef HAVE_SLEEP @@ -1410,6 +1679,7 @@ void delete_replylist(struct reply_packet* replist) np = p->next; free(p->reply_pkt); sldns_buffer_free(p->reply_from_hex); + sldns_buffer_free(p->raw_ednsdata); free(p); p=np; } diff --git a/testcode/testpkts.h b/testcode/testpkts.h index 5c000546fed6..b175cab066ab 100644 --- a/testcode/testpkts.h +++ b/testcode/testpkts.h @@ -50,6 +50,10 @@ struct sldns_file_parse_state; ; 'ttl' used with all, rrs in packet must also have matching TTLs. ; 'DO' will match only queries with DO bit set. ; 'noedns' matches queries without EDNS OPT records. + ; 'rcode' makes the query match the rcode from the reply + ; 'question' makes the query match the question section + ; 'answer' makes the query match the answer section + ; 'ednsdata' matches queries to HEX_EDNS section. MATCH [opcode] [qtype] [qname] [serial=<value>] [all] [ttl] MATCH [UDP|TCP] DO MATCH ... @@ -84,6 +88,11 @@ struct sldns_file_parse_state; ; be parsed, ADJUST rules for the answer packet ; are ignored. Only copy_id is done. HEX_ANSWER_END + HEX_EDNS_BEGIN ; follow with hex data. + ; Raw EDNS data to match against. It must be an + ; exact match (all options are matched) and will be + ; evaluated only when 'MATCH ednsdata' given. + HEX_EDNS_END ENTRY_END @@ -144,6 +153,8 @@ struct reply_packet { uint8_t* reply_pkt; /** length of reply pkt */ size_t reply_len; + /** Additional EDNS data for matching queries. */ + struct sldns_buffer* raw_ednsdata; /** or reply pkt in hex if not parsable */ struct sldns_buffer* reply_from_hex; /** seconds to sleep before giving packet */ @@ -161,6 +172,12 @@ struct entry { uint8_t match_qtype; /** match qname with answer qname */ uint8_t match_qname; + /** match rcode with answer rcode */ + uint8_t match_rcode; + /** match question section */ + uint8_t match_question; + /** match answer section */ + uint8_t match_answer; /** match qname as subdomain of answer qname */ uint8_t match_subdomain; /** match SOA serial number, from auth section */ @@ -173,6 +190,8 @@ struct entry { uint8_t match_do; /** match absence of EDNS OPT record in query */ uint8_t match_noedns; + /** match edns data field given in hex */ + uint8_t match_ednsdata_raw; /** match query serial with this value. */ uint32_t ixfr_soa_serial; /** match on UDP/TCP */ @@ -186,6 +205,9 @@ struct entry { uint8_t copy_id; /** copy the query nametypeclass from query into the answer */ uint8_t copy_query; + /** copy ednsdata to reply, assume it is clientsubnet and + * adjust scopemask to match sourcemask */ + uint8_t copy_ednsdata_assume_clientsubnet; /** in seconds */ unsigned int sleeptime; diff --git a/testcode/unitecs.c b/testcode/unitecs.c new file mode 100644 index 000000000000..3584b0f983b6 --- /dev/null +++ b/testcode/unitecs.c @@ -0,0 +1,284 @@ +/* + * testcode/unitecs.c - unit test for ecs routines. + * + * Copyright (c) 2013, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * \file + * Calls ecs related unit tests. Exits with code 1 on a failure. + */ + +#include "config.h" + +#ifdef CLIENT_SUBNET + +#include "util/log.h" +#include "util/module.h" +#include "testcode/unitmain.h" +#include "edns-subnet/addrtree.h" +#include "edns-subnet/subnetmod.h" + +/* + void printkey(addrkey_t *k, addrlen_t bits) + { + int byte; + int bytes = bits/8 + ((bits%8)>0); + char msk = 0xFF; + for (byte = 0; byte < bytes; byte++) { + //~ if (byte+1 == bytes) + //~ msk = 0xFF<<(8-bits%8); + printf("%02x ", k[byte]&msk); + } + } + + void print_tree(struct addrnode* node, int indent, int maxdepth) + { + struct addredge* edge; + int i, s, byte; + if (indent == 0) printf("-----Tree-----\n"); + if (indent > maxdepth) { + printf("\n"); + return; + } + printf("[node elem:%d] (%d)\n", node->elem != NULL, node); + for (i = 0; i<2; i++) { + if (node->edge[i]) { + for (s = 0; s < indent; s++) printf(" "); + printkey(node->edge[i]->str, node->edge[i]->len); + printf("(len %d bits, %d bytes) ", node->edge[i]->len, + node->edge[i]->len/8 + ((node->edge[i]->len%8)>0)); + print_tree(node->edge[i]->node, indent+1, maxdepth); + } + } + if (indent == 0) printf("-----Tree-----"); + } +*/ + +/* what should we check? + * X - is it balanced? (a node with 1 child shoudl not have + * a node with 1 child MUST have elem + * child must be sub of parent + * edge must be longer than parent edge + * */ +static int addrtree_inconsistent_subtree(struct addrtree* tree, + struct addredge* parent_edge, addrlen_t depth) +{ + struct addredge* edge; + struct addrnode* node = parent_edge->node; + int childcount, i, r; + if (depth > tree->max_depth) return 15; + childcount = (node->edge[0] != NULL) + (node->edge[1] != NULL); + /* Only nodes with 2 children should possibly have no element. */ + if (childcount < 2 && !node->elem) return 10; + for (i = 0; i<2; i++) { + edge = node->edge[i]; + if (!edge) continue; + if (!edge->node) return 11; + if (!edge->str) return 12; + if (edge->len <= parent_edge->len) return 13; + if (!unittest_wrapper_addrtree_issub(parent_edge->str, + parent_edge->len, edge->str, edge->len, 0)) + return 14; + if ((r = addrtree_inconsistent_subtree(tree, edge, depth+1)) != 0) + return 100+r; + } + return 0; +} + +static int addrtree_inconsistent(struct addrtree* tree) +{ + struct addredge* edge; + int i, r; + + if (!tree) return 0; + if (!tree->root) return 1; + + for (i = 0; i<2; i++) { + edge = tree->root->edge[i]; + if (!edge) continue; + if (!edge->node) return 3; + if (!edge->str) return 4; + if ((r = addrtree_inconsistent_subtree(tree, edge, 1)) != 0) + return r; + } + return 0; +} + +static addrlen_t randomkey(addrkey_t **k, int maxlen) +{ + int byte; + int bits = rand() % maxlen; + int bytes = bits/8 + (bits%8>0); /*ceil*/ + *k = (addrkey_t *) malloc(bytes * sizeof(addrkey_t)); + for (byte = 0; byte < bytes; byte++) { + (*k)[byte] = (addrkey_t)(rand() & 0xFF); + } + return (addrlen_t)bits; +} + +static void elemfree(void *envptr, void *elemptr) +{ + struct reply_info *elem = (struct reply_info *)elemptr; + (void)envptr; + free(elem); +} + +static void consistency_test(void) +{ + addrlen_t l; + time_t i; + unsigned int count; + addrkey_t *k; + struct addrtree* t; + struct module_env env; + struct reply_info *elem; + time_t timenow = 0; + unit_show_func("edns-subnet/addrtree.h", "Tree consistency check"); + srand(9195); /* just some value for reproducibility */ + + t = addrtree_create(100, &elemfree, &unittest_wrapper_subnetmod_sizefunc, &env, 0); + count = t->node_count; + unit_assert(count == 0); + for (i = 0; i < 1000; i++) { + l = randomkey(&k, 128); + elem = (struct reply_info *) calloc(1, sizeof(struct reply_info)); + addrtree_insert(t, k, l, 64, elem, timenow + 10, timenow); + /* This should always hold because no items ever expire. They + * could be overwritten, though. */ + unit_assert( count <= t->node_count ); + count = t->node_count; + free(k); + unit_assert( !addrtree_inconsistent(t) ); + } + addrtree_delete(t); + + unit_show_func("edns-subnet/addrtree.h", "Tree consistency with purge"); + t = addrtree_create(8, &elemfree, &unittest_wrapper_subnetmod_sizefunc, &env, 0); + unit_assert(t->node_count == 0); + for (i = 0; i < 1000; i++) { + l = randomkey(&k, 128); + elem = (struct reply_info *) calloc(1, sizeof(struct reply_info)); + addrtree_insert(t, k, l, 64, elem, i + 10, i); + free(k); + unit_assert( !addrtree_inconsistent(t) ); + } + addrtree_delete(t); + + unit_show_func("edns-subnet/addrtree.h", "Tree consistency with limit"); + t = addrtree_create(8, &elemfree, &unittest_wrapper_subnetmod_sizefunc, &env, 27); + unit_assert(t->node_count == 0); + for (i = 0; i < 1000; i++) { + l = randomkey(&k, 128); + elem = (struct reply_info *) calloc(1, sizeof(struct reply_info)); + addrtree_insert(t, k, l, 64, elem, i + 10, i); + unit_assert( t->node_count <= 27); + free(k); + unit_assert( !addrtree_inconsistent(t) ); + } + addrtree_delete(t); +} + +static void issub_test(void) +{ + addrkey_t k1[] = {0x55, 0x55, 0x5A}; + addrkey_t k2[] = {0x55, 0x5D, 0x5A}; + unit_show_func("edns-subnet/addrtree.h", "issub"); + unit_assert( !unittest_wrapper_addrtree_issub(k1, 24, k2, 24, 0) ); + unit_assert( unittest_wrapper_addrtree_issub(k1, 8, k2, 16, 0) ); + unit_assert( unittest_wrapper_addrtree_issub(k2, 12, k1, 13, 0) ); + unit_assert( !unittest_wrapper_addrtree_issub(k1, 16, k2, 12, 0) ); + unit_assert( unittest_wrapper_addrtree_issub(k1, 12, k2, 12, 0) ); + unit_assert( !unittest_wrapper_addrtree_issub(k1, 13, k2, 13, 0) ); + unit_assert( unittest_wrapper_addrtree_issub(k1, 24, k2, 24, 13) ); + unit_assert( !unittest_wrapper_addrtree_issub(k1, 24, k2, 20, 13) ); + unit_assert( unittest_wrapper_addrtree_issub(k1, 20, k2, 24, 13) ); +} + +static void getbit_test(void) +{ + addrkey_t k1[] = {0x55, 0x55, 0x5A}; + int i; + unit_show_func("edns-subnet/addrtree.h", "getbit"); + for(i = 0; i<20; i++) { + unit_assert( unittest_wrapper_addrtree_getbit(k1, 20, (addrlen_t)i) == (i&1) ); + } +} + +static void bits_common_test(void) +{ + addrkey_t k1[] = {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0}; + addrkey_t k2[] = {0,0,0,0,0,0,0,0}; + addrlen_t i; + + unit_show_func("edns-subnet/addrtree.h", "bits_common"); + for(i = 0; i<64; i++) { + unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k1, 64, i) == 64 ); + } + for(i = 0; i<8; i++) { + k2[i] = k1[i]^(1<<i); + } + unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 0) == 0*8+7 ); + unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 8) == 1*8+6 ); + unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 16) == 2*8+5 ); + unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 24) == 3*8+4 ); + unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 32) == 4*8+3 ); + unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 40) == 5*8+2 ); + unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 48) == 6*8+1 ); + unit_assert( unittest_wrapper_addrtree_bits_common(k1, 64, k2, 64, 56) == 7*8+0 ); +} + +static void cmpbit_test(void) +{ + addrkey_t k1[] = {0xA5, 0x0F}; + addrkey_t k2[] = {0x5A, 0xF0}; + addrlen_t i; + + unit_show_func("edns-subnet/addrtree.h", "cmpbit"); + for(i = 0; i<16; i++) { + unit_assert( !unittest_wrapper_addrtree_cmpbit(k1,k1,i) ); + unit_assert( unittest_wrapper_addrtree_cmpbit(k1,k2,i) ); + } +} + +void ecs_test(void) +{ + unit_show_feature("ecs"); + cmpbit_test(); + bits_common_test(); + getbit_test(); + issub_test(); + consistency_test(); +} +#endif /* CLIENT_SUBNET */ + diff --git a/testcode/unitmain.c b/testcode/unitmain.c index e3d7a59b4c4c..fd56e64d3f5d 100644 --- a/testcode/unitmain.c +++ b/testcode/unitmain.c @@ -558,6 +558,269 @@ rnd_test(void) ub_randfree(r); } +#include "respip/respip.h" +#include "services/localzone.h" +#include "util/data/packed_rrset.h" +typedef struct addr_action {char* ip; char* sact; enum respip_action act;} + addr_action_t; + +/** Utility function that verifies that the respip set has actions as expected */ +static void +verify_respip_set_actions(struct respip_set* set, addr_action_t actions[], + int actions_len) +{ + int i = 0; + struct rbtree_type* tree = respip_set_get_tree(set); + for (i=0; i<actions_len; i++) { + struct sockaddr_storage addr; + int net; + socklen_t addrlen; + struct resp_addr* node; + netblockstrtoaddr(actions[i].ip, UNBOUND_DNS_PORT, &addr, + &addrlen, &net); + node = (struct resp_addr*)addr_tree_find(tree, &addr, addrlen, net); + + /** we have the node and the node has the correct action + * and has no data */ + unit_assert(node); + unit_assert(actions[i].act == + resp_addr_get_action(node)); + unit_assert(resp_addr_get_rrset(node) == NULL); + } + unit_assert(actions_len && i == actions_len); + unit_assert(actions_len == (int)tree->count); +} + +/** Global respip actions test; apply raw config data and verify that + * all the nodes in the respip set, looked up by address, have expected + * actions */ +static void +respip_conf_actions_test(void) +{ + addr_action_t config_response_ip[] = { + {"192.0.1.0/24", "deny", respip_deny}, + {"192.0.2.0/24", "redirect", respip_redirect}, + {"192.0.3.0/26", "inform", respip_inform}, + {"192.0.4.0/27", "inform_deny", respip_inform_deny}, + {"2001:db8:1::/48", "always_transparent", respip_always_transparent}, + {"2001:db8:2::/49", "always_refuse", respip_always_refuse}, + {"2001:db8:3::/50", "always_nxdomain", respip_always_nxdomain}, + }; + int i; + struct respip_set* set = respip_set_create(); + struct config_file cfg; + int clen = (int)(sizeof(config_response_ip) / sizeof(addr_action_t)); + + unit_assert(set); + unit_show_feature("global respip config actions apply"); + memset(&cfg, 0, sizeof(cfg)); + for(i=0; i<clen; i++) { + char* ip = strdup(config_response_ip[i].ip); + char* sact = strdup(config_response_ip[i].sact); + unit_assert(ip && sact); + if(!cfg_str2list_insert(&cfg.respip_actions, ip, sact)) + unit_assert(0); + } + unit_assert(respip_global_apply_cfg(set, &cfg)); + verify_respip_set_actions(set, config_response_ip, clen); +} + +/** Per-view respip actions test; apply raw configuration with two views + * and verify that actions are as expected in respip sets of both views */ +static void +respip_view_conf_actions_test(void) +{ + addr_action_t config_response_ip_view1[] = { + {"192.0.1.0/24", "deny", respip_deny}, + {"192.0.2.0/24", "redirect", respip_redirect}, + {"192.0.3.0/26", "inform", respip_inform}, + {"192.0.4.0/27", "inform_deny", respip_inform_deny}, + }; + addr_action_t config_response_ip_view2[] = { + {"2001:db8:1::/48", "always_transparent", respip_always_transparent}, + {"2001:db8:2::/49", "always_refuse", respip_always_refuse}, + {"2001:db8:3::/50", "always_nxdomain", respip_always_nxdomain}, + }; + int i; + struct config_file cfg; + int clen1 = (int)(sizeof(config_response_ip_view1) / sizeof(addr_action_t)); + int clen2 = (int)(sizeof(config_response_ip_view2) / sizeof(addr_action_t)); + struct config_view* cv1; + struct config_view* cv2; + int have_respip_cfg = 0; + struct views* views = NULL; + struct view* v = NULL; + + unit_show_feature("per-view respip config actions apply"); + memset(&cfg, 0, sizeof(cfg)); + cv1 = (struct config_view*)calloc(1, sizeof(struct config_view)); + cv2 = (struct config_view*)calloc(1, sizeof(struct config_view)); + unit_assert(cv1 && cv2); + cv1->name = strdup("view1"); + cv2->name = strdup("view2"); + unit_assert(cv1->name && cv2->name); + cv1->next = cv2; + cfg.views = cv1; + + for(i=0; i<clen1; i++) { + char* ip = strdup(config_response_ip_view1[i].ip); + char* sact = strdup(config_response_ip_view1[i].sact); + unit_assert(ip && sact); + if(!cfg_str2list_insert(&cv1->respip_actions, ip, sact)) + unit_assert(0); + } + for(i=0; i<clen2; i++) { + char* ip = strdup(config_response_ip_view2[i].ip); + char* sact = strdup(config_response_ip_view2[i].sact); + unit_assert(ip && sact); + if(!cfg_str2list_insert(&cv2->respip_actions, ip, sact)) + unit_assert(0); + } + views = views_create(); + unit_assert(views); + unit_assert(views_apply_cfg(views, &cfg)); + unit_assert(respip_views_apply_cfg(views, &cfg, &have_respip_cfg)); + + /* now verify the respip sets in each view */ + v = views_find_view(views, "view1", 0); + unit_assert(v); + verify_respip_set_actions(v->respip_set, config_response_ip_view1, clen1); + lock_rw_unlock(&v->lock); + v = views_find_view(views, "view2", 0); + unit_assert(v); + verify_respip_set_actions(v->respip_set, config_response_ip_view2, clen2); + lock_rw_unlock(&v->lock); +} + +typedef struct addr_data {char* ip; char* data;} addr_data_t; + +/** find the respip address node in the specified tree (by address lookup) + * and verify type and address of the specified rdata (by index) in this + * node's rrset */ +static void +verify_rrset(struct respip_set* set, const char* ipstr, + const char* rdatastr, size_t rdi, uint16_t type) +{ + struct sockaddr_storage addr; + int net; + char buf[65536]; + socklen_t addrlen; + struct rbtree_type* tree; + struct resp_addr* node; + const struct ub_packed_rrset_key* rrs; + + netblockstrtoaddr(ipstr, UNBOUND_DNS_PORT, &addr, &addrlen, &net); + tree = respip_set_get_tree(set); + node = (struct resp_addr*)addr_tree_find(tree, &addr, addrlen, net); + unit_assert(node); + unit_assert((rrs = resp_addr_get_rrset(node))); + unit_assert(ntohs(rrs->rk.type) == type); + packed_rr_to_string((struct ub_packed_rrset_key*)rrs, + rdi, 0, buf, sizeof(buf)); + unit_assert(strstr(buf, rdatastr)); +} + +/** Dataset used to test redirect rrset initialization for both + * global and per-view respip redirect configuration */ +static addr_data_t config_response_ip_data[] = { + {"192.0.1.0/24", "A 1.2.3.4"}, + {"192.0.1.0/24", "A 11.12.13.14"}, + {"192.0.2.0/24", "CNAME www.example.com."}, + {"2001:db8:1::/48", "AAAA 2001:db8:1::2:1"}, +}; + +/** Populate raw respip redirect config data, used for both global and + * view-based respip redirect test case */ +static void +cfg_insert_respip_data(struct config_str2list** respip_actions, + struct config_str2list** respip_data) +{ + int clen = (int)(sizeof(config_response_ip_data) / sizeof(addr_data_t)); + int i = 0; + + /* insert actions (duplicate netblocks don't matter) */ + for(i=0; i<clen; i++) { + char* ip = strdup(config_response_ip_data[i].ip); + char* sact = strdup("redirect"); + unit_assert(ip && sact); + if(!cfg_str2list_insert(respip_actions, ip, sact)) + unit_assert(0); + } + /* insert data */ + for(i=0; i<clen; i++) { + char* ip = strdup(config_response_ip_data[i].ip); + char* data = strdup(config_response_ip_data[i].data); + unit_assert(ip && data); + if(!cfg_str2list_insert(respip_data, ip, data)) + unit_assert(0); + } +} + +/** Test global respip redirect w/ data directives */ +static void +respip_conf_data_test(void) +{ + struct respip_set* set = respip_set_create(); + struct config_file cfg; + + unit_show_feature("global respip config data apply"); + memset(&cfg, 0, sizeof(cfg)); + + cfg_insert_respip_data(&cfg.respip_actions, &cfg.respip_data); + + /* apply configuration and verify rrsets */ + unit_assert(respip_global_apply_cfg(set, &cfg)); + verify_rrset(set, "192.0.1.0/24", "1.2.3.4", 0, LDNS_RR_TYPE_A); + verify_rrset(set, "192.0.1.0/24", "11.12.13.14", 1, LDNS_RR_TYPE_A); + verify_rrset(set, "192.0.2.0/24", "www.example.com", 0, LDNS_RR_TYPE_CNAME); + verify_rrset(set, "2001:db8:1::/48", "2001:db8:1::2:1", 0, LDNS_RR_TYPE_AAAA); +} + +/** Test per-view respip redirect w/ data directives */ +static void +respip_view_conf_data_test(void) +{ + struct config_file cfg; + struct config_view* cv; + int have_respip_cfg = 0; + struct views* views = NULL; + struct view* v = NULL; + + unit_show_feature("per-view respip config data apply"); + memset(&cfg, 0, sizeof(cfg)); + cv = (struct config_view*)calloc(1, sizeof(struct config_view)); + unit_assert(cv); + cv->name = strdup("view1"); + unit_assert(cv->name); + cfg.views = cv; + cfg_insert_respip_data(&cv->respip_actions, &cv->respip_data); + views = views_create(); + unit_assert(views); + unit_assert(views_apply_cfg(views, &cfg)); + + /* apply configuration and verify rrsets */ + unit_assert(respip_views_apply_cfg(views, &cfg, &have_respip_cfg)); + v = views_find_view(views, "view1", 0); + unit_assert(v); + verify_rrset(v->respip_set, "192.0.1.0/24", "1.2.3.4", + 0, LDNS_RR_TYPE_A); + verify_rrset(v->respip_set, "192.0.1.0/24", "11.12.13.14", + 1, LDNS_RR_TYPE_A); + verify_rrset(v->respip_set, "192.0.2.0/24", "www.example.com", + 0, LDNS_RR_TYPE_CNAME); + verify_rrset(v->respip_set, "2001:db8:1::/48", "2001:db8:1::2:1", + 0, LDNS_RR_TYPE_AAAA); +} + +/** respip unit tests */ +static void respip_test(void) +{ + respip_view_conf_data_test(); + respip_conf_data_test(); + respip_view_conf_actions_test(); + respip_conf_actions_test(); +} + void unit_show_func(const char* file, const char* func) { printf("test %s:%s\n", file, func); @@ -604,6 +867,7 @@ main(int argc, char* argv[]) checklock_start(); neg_test(); rnd_test(); + respip_test(); verify_test(); net_test(); config_memsize_test(); @@ -618,6 +882,9 @@ main(int argc, char* argv[]) infra_test(); ldns_test(); msgparse_test(); +#ifdef CLIENT_SUBNET + ecs_test(); +#endif /* CLIENT_SUBNET */ checklock_stop(); printf("%d checks ok.\n", testcount); #ifdef HAVE_SSL diff --git a/testcode/unitmain.h b/testcode/unitmain.h index c27bd1437053..d81b603b2f6b 100644 --- a/testcode/unitmain.h +++ b/testcode/unitmain.h @@ -72,6 +72,10 @@ void verify_test(void); void neg_test(void); /** unit test for regional allocator functions */ void regional_test(void); +#ifdef CLIENT_SUBNET +/** Unit test for ECS functions */ +void ecs_test(void); +#endif /* CLIENT_SUBNET */ /** unit test for ldns functions */ void ldns_test(void); diff --git a/testcode/unitverify.c b/testcode/unitverify.c index b74ea5131b90..37994a377c28 100644 --- a/testcode/unitverify.c +++ b/testcode/unitverify.c @@ -496,8 +496,10 @@ void verify_test(void) { unit_show_feature("signature verify"); +#ifdef USE_SHA1 verifytest_file("testdata/test_signatures.1", "20070818005004"); -#ifdef USE_DSA +#endif +#if defined(USE_DSA) && defined(USE_SHA1) verifytest_file("testdata/test_signatures.2", "20080414005004"); verifytest_file("testdata/test_signatures.3", "20080416005004"); verifytest_file("testdata/test_signatures.4", "20080416005004"); @@ -505,17 +507,23 @@ verify_test(void) verifytest_file("testdata/test_signatures.6", "20080416005004"); verifytest_file("testdata/test_signatures.7", "20070829144150"); #endif /* USE_DSA */ +#ifdef USE_SHA1 verifytest_file("testdata/test_signatures.8", "20070829144150"); +#endif #if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) verifytest_file("testdata/test_sigs.rsasha256", "20070829144150"); +# ifdef USE_SHA1 verifytest_file("testdata/test_sigs.sha1_and_256", "20070829144150"); +# endif verifytest_file("testdata/test_sigs.rsasha256_draft", "20090101000000"); #endif #if (defined(HAVE_EVP_SHA512) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) verifytest_file("testdata/test_sigs.rsasha512_draft", "20070829144150"); #endif +#ifdef USE_SHA1 verifytest_file("testdata/test_sigs.hinfo", "20090107100022"); verifytest_file("testdata/test_sigs.revoked", "20080414005004"); +#endif #ifdef USE_GOST if(sldns_key_EVP_load_gost_id()) verifytest_file("testdata/test_sigs.gost", "20090807060504"); @@ -529,7 +537,9 @@ verify_test(void) } dstest_file("testdata/test_ds.sha384"); #endif +#ifdef USE_SHA1 dstest_file("testdata/test_ds.sha1"); +#endif nsectest(); nsec3_hash_test("testdata/test_nsec3_hash.1"); } diff --git a/testdata/03-testbound.tpkg b/testdata/03-testbound.tpkg Binary files differindex 2f348dcf2117..39e62169915b 100644 --- a/testdata/03-testbound.tpkg +++ b/testdata/03-testbound.tpkg diff --git a/testdata/10-unbound-anchor.tpkg b/testdata/10-unbound-anchor.tpkg Binary files differindex de8fb4df7871..db8680a647aa 100644 --- a/testdata/10-unbound-anchor.tpkg +++ b/testdata/10-unbound-anchor.tpkg diff --git a/testdata/autotrust_10key.rpl b/testdata/autotrust_10key.rpl index 89f2102a3419..1f2998f77890 100644 --- a/testdata/autotrust_10key.rpl +++ b/testdata/autotrust_10key.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_addpend_2exceed.rpl b/testdata/autotrust_addpend_2exceed.rpl index 5a15f8a13214..6a79a6436b07 100644 --- a/testdata/autotrust_addpend_2exceed.rpl +++ b/testdata/autotrust_addpend_2exceed.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_addpend_early.rpl b/testdata/autotrust_addpend_early.rpl index 8ff3299e7ffa..3df5ff2d47f2 100644 --- a/testdata/autotrust_addpend_early.rpl +++ b/testdata/autotrust_addpend_early.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_addpend_nosign.rpl b/testdata/autotrust_addpend_nosign.rpl index 689063309615..32fb1beab201 100644 --- a/testdata/autotrust_addpend_nosign.rpl +++ b/testdata/autotrust_addpend_nosign.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_addpend_nosignnew.rpl b/testdata/autotrust_addpend_nosignnew.rpl index d3b46d86bedf..32910e9c78d5 100644 --- a/testdata/autotrust_addpend_nosignnew.rpl +++ b/testdata/autotrust_addpend_nosignnew.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_addpend_once.rpl b/testdata/autotrust_addpend_once.rpl index 3c7b46804b12..2dcd7372725a 100644 --- a/testdata/autotrust_addpend_once.rpl +++ b/testdata/autotrust_addpend_once.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_addpend_twice.rpl b/testdata/autotrust_addpend_twice.rpl index 9bb788093fb5..2e14b0470e8b 100644 --- a/testdata/autotrust_addpend_twice.rpl +++ b/testdata/autotrust_addpend_twice.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init.rpl b/testdata/autotrust_init.rpl index f7208c264280..35a693be9a12 100644 --- a/testdata/autotrust_init.rpl +++ b/testdata/autotrust_init.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init_ds.rpl b/testdata/autotrust_init_ds.rpl index 6245a4addab7..765d58919453 100644 --- a/testdata/autotrust_init_ds.rpl +++ b/testdata/autotrust_init_ds.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init_fail.rpl b/testdata/autotrust_init_fail.rpl index bd7098ea7d15..bf8f5d342555 100644 --- a/testdata/autotrust_init_fail.rpl +++ b/testdata/autotrust_init_fail.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init_failsig.rpl b/testdata/autotrust_init_failsig.rpl index 792ac9ead69e..4348878aad37 100644 --- a/testdata/autotrust_init_failsig.rpl +++ b/testdata/autotrust_init_failsig.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init_legacy.rpl b/testdata/autotrust_init_legacy.rpl index f188d0aed784..91c3e7b1a924 100644 --- a/testdata/autotrust_init_legacy.rpl +++ b/testdata/autotrust_init_legacy.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init_sigs.rpl b/testdata/autotrust_init_sigs.rpl index 050edf2a95f0..8ee65585d6da 100644 --- a/testdata/autotrust_init_sigs.rpl +++ b/testdata/autotrust_init_sigs.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_init_zsk.rpl b/testdata/autotrust_init_zsk.rpl index 7ef09e45c5cb..08c60f9e1407 100644 --- a/testdata/autotrust_init_zsk.rpl +++ b/testdata/autotrust_init_zsk.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_missing.rpl b/testdata/autotrust_missing.rpl index aab99911c7ea..ed183a3182a7 100644 --- a/testdata/autotrust_missing.rpl +++ b/testdata/autotrust_missing.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_missing_all.rpl b/testdata/autotrust_missing_all.rpl index 0c78aa6b109a..0813ef68ffb5 100644 --- a/testdata/autotrust_missing_all.rpl +++ b/testdata/autotrust_missing_all.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_missing_returns.rpl b/testdata/autotrust_missing_returns.rpl index d44e0b049859..93735f1b9745 100644 --- a/testdata/autotrust_missing_returns.rpl +++ b/testdata/autotrust_missing_returns.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_probefail.rpl b/testdata/autotrust_probefail.rpl index 7b8429d8bdf7..7e5a4da82bed 100644 --- a/testdata/autotrust_probefail.rpl +++ b/testdata/autotrust_probefail.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_probefailsig.rpl b/testdata/autotrust_probefailsig.rpl index 1b6e288a19d2..7abf373dd4a5 100644 --- a/testdata/autotrust_probefailsig.rpl +++ b/testdata/autotrust_probefailsig.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_revoked_use.rpl b/testdata/autotrust_revoked_use.rpl index ae72c42f6ba5..c87da44e7221 100644 --- a/testdata/autotrust_revoked_use.rpl +++ b/testdata/autotrust_revoked_use.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_revoked_with_invalid.rpl b/testdata/autotrust_revoked_with_invalid.rpl index 144bf4918b47..0c717f1adfac 100644 --- a/testdata/autotrust_revoked_with_invalid.rpl +++ b/testdata/autotrust_revoked_with_invalid.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_revtp.rpl b/testdata/autotrust_revtp.rpl index 40075e731a4b..275c8c6e18f7 100644 --- a/testdata/autotrust_revtp.rpl +++ b/testdata/autotrust_revtp.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_revtp_read.rpl b/testdata/autotrust_revtp_read.rpl index 80d505028322..cd48a6339888 100644 --- a/testdata/autotrust_revtp_read.rpl +++ b/testdata/autotrust_revtp_read.rpl @@ -3,6 +3,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes val-override-date: '20091018111500' + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_revtp_use.rpl b/testdata/autotrust_revtp_use.rpl index 37a097dcabb3..40223d334123 100644 --- a/testdata/autotrust_revtp_use.rpl +++ b/testdata/autotrust_revtp_use.rpl @@ -3,6 +3,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes val-override-date: '20091018111500' + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_rollalgo.rpl b/testdata/autotrust_rollalgo.rpl index 4deec32a8348..2381d399e99d 100644 --- a/testdata/autotrust_rollalgo.rpl +++ b/testdata/autotrust_rollalgo.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_rollalgo_unknown.rpl b/testdata/autotrust_rollalgo_unknown.rpl index 621e5d13cc6f..9fedab2b80de 100644 --- a/testdata/autotrust_rollalgo_unknown.rpl +++ b/testdata/autotrust_rollalgo_unknown.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_rollover.rpl b/testdata/autotrust_rollover.rpl index 0b94418fe306..f45ae53c4534 100644 --- a/testdata/autotrust_rollover.rpl +++ b/testdata/autotrust_rollover.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/autotrust_valid_use.rpl b/testdata/autotrust_valid_use.rpl index d461da78a863..43d550026d61 100644 --- a/testdata/autotrust_valid_use.rpl +++ b/testdata/autotrust_valid_use.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" log-time-ascii: yes + fake-sha1: yes stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. diff --git a/testdata/black_data.rpl b/testdata/black_data.rpl index dd703f62b188..945e8110732f 100644 --- a/testdata/black_data.rpl +++ b/testdata/black_data.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_dnskey.rpl b/testdata/black_dnskey.rpl index 0537757c0de4..a8662bb728e9 100644 --- a/testdata/black_dnskey.rpl +++ b/testdata/black_dnskey.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_ds.rpl b/testdata/black_ds.rpl index 7638c1b3f67b..be605e011127 100644 --- a/testdata/black_ds.rpl +++ b/testdata/black_ds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_ds_entry.rpl b/testdata/black_ds_entry.rpl index f77eecba423e..42e56a50fa86 100644 --- a/testdata/black_ds_entry.rpl +++ b/testdata/black_ds_entry.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_ent.rpl b/testdata/black_ent.rpl index 5aa3d3b04916..2d84cd22d01c 100644 --- a/testdata/black_ent.rpl +++ b/testdata/black_ent.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_key_entry.rpl b/testdata/black_key_entry.rpl index 6a644da1843b..167c91b5e4b3 100644 --- a/testdata/black_key_entry.rpl +++ b/testdata/black_key_entry.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_prime.rpl b/testdata/black_prime.rpl index bb89c39ac617..8e2ba492b670 100644 --- a/testdata/black_prime.rpl +++ b/testdata/black_prime.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/black_prime_entry.rpl b/testdata/black_prime_entry.rpl index 9bcb1857d65b..0e092cb60103 100644 --- a/testdata/black_prime_entry.rpl +++ b/testdata/black_prime_entry.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/chaos_trustanchor.rpl b/testdata/chaos_trustanchor.rpl new file mode 100644 index 000000000000..b46b7dcf1249 --- /dev/null +++ b/testdata/chaos_trustanchor.rpl @@ -0,0 +1,145 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + hide-trustanchor: no + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test chaos trustanchor query + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +trustanchor.unbound. CH TXT +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +trustanchor.unbound. CH TXT +SECTION ANSWER +trustanchor.unbound. CH TXT "example.com. 2854" +ENTRY_END + +SCENARIO_END diff --git a/testdata/dlv_anchor.rpl b/testdata/dlv_anchor.rpl index d9388862ee4b..e00ea99bd2a8 100644 --- a/testdata/dlv_anchor.rpl +++ b/testdata/dlv_anchor.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_ask_higher.rpl b/testdata/dlv_ask_higher.rpl index 365d3611f0a4..1e108b7b6f5b 100644 --- a/testdata/dlv_ask_higher.rpl +++ b/testdata/dlv_ask_higher.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_below_ta.rpl b/testdata/dlv_below_ta.rpl index 78d17f81b502..2aa1ee107fbb 100644 --- a/testdata/dlv_below_ta.rpl +++ b/testdata/dlv_below_ta.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_delegation.rpl b/testdata/dlv_delegation.rpl index a921dc9fb229..24e3af2e5299 100644 --- a/testdata/dlv_delegation.rpl +++ b/testdata/dlv_delegation.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_ds_lookup.rpl b/testdata/dlv_ds_lookup.rpl index 3b2d79ad5fbe..70c89d66781d 100644 --- a/testdata/dlv_ds_lookup.rpl +++ b/testdata/dlv_ds_lookup.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_insecure.rpl b/testdata/dlv_insecure.rpl index d8e6aba20a60..b37d5f61e745 100644 --- a/testdata/dlv_insecure.rpl +++ b/testdata/dlv_insecure.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" harden-referral-path: no target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_insecure_negcache.rpl b/testdata/dlv_insecure_negcache.rpl index a0437750e27f..bafd41efb895 100644 --- a/testdata/dlv_insecure_negcache.rpl +++ b/testdata/dlv_insecure_negcache.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" harden-referral-path: no target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_keyretry.rpl b/testdata/dlv_keyretry.rpl index 474d1e9d2c99..e7dc6c7c8d73 100644 --- a/testdata/dlv_keyretry.rpl +++ b/testdata/dlv_keyretry.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_negnx.rpl b/testdata/dlv_negnx.rpl index 79bdea774b50..218a57d85e61 100644 --- a/testdata/dlv_negnx.rpl +++ b/testdata/dlv_negnx.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_optout.rpl b/testdata/dlv_optout.rpl index b0f84db575c8..7fbb560bd6e4 100644 --- a/testdata/dlv_optout.rpl +++ b/testdata/dlv_optout.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_remove.rpl b/testdata/dlv_remove.rpl index 1b8b642d8a8a..d503148c7d76 100644 --- a/testdata/dlv_remove.rpl +++ b/testdata/dlv_remove.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_remove_empty.rpl b/testdata/dlv_remove_empty.rpl index 30afceda0328..2e9b4bcf6638 100644 --- a/testdata/dlv_remove_empty.rpl +++ b/testdata/dlv_remove_empty.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_remove_nodel.rpl b/testdata/dlv_remove_nodel.rpl index 799e841e8ea7..1f2d94721abd 100644 --- a/testdata/dlv_remove_nodel.rpl +++ b/testdata/dlv_remove_nodel.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_remove_pos.rpl b/testdata/dlv_remove_pos.rpl index de7da4473155..6309acbf10f3 100644 --- a/testdata/dlv_remove_pos.rpl +++ b/testdata/dlv_remove_pos.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dlv_unused.rpl b/testdata/dlv_unused.rpl index 47650a060fba..4d3233285137 100644 --- a/testdata/dlv_unused.rpl +++ b/testdata/dlv_unused.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/dnscrypt_cert.tpkg b/testdata/dnscrypt_cert.tpkg Binary files differnew file mode 100644 index 000000000000..18b41a27f16d --- /dev/null +++ b/testdata/dnscrypt_cert.tpkg diff --git a/testdata/dnscrypt_queries.tpkg b/testdata/dnscrypt_queries.tpkg Binary files differnew file mode 100644 index 000000000000..fa3cdca0056c --- /dev/null +++ b/testdata/dnscrypt_queries.tpkg diff --git a/testdata/fwd_bogus.tpkg b/testdata/fwd_bogus.tpkg Binary files differindex 9f4d655dc204..3a49d1f7558d 100644 --- a/testdata/fwd_bogus.tpkg +++ b/testdata/fwd_bogus.tpkg diff --git a/testdata/fwd_edns_bksec.tpkg b/testdata/fwd_edns_bksec.tpkg Binary files differindex ad63224d17cc..dc8ac739d626 100644 --- a/testdata/fwd_edns_bksec.tpkg +++ b/testdata/fwd_edns_bksec.tpkg diff --git a/testdata/fwddlv_parse.rpl b/testdata/fwddlv_parse.rpl index dd68cf246b18..d79d31f40251 100644 --- a/testdata/fwddlv_parse.rpl +++ b/testdata/fwddlv_parse.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "dlv.isc.org. 5072 IN DNSKEY 256 3 5 BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9SBdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBFtCibp/mkhw==" val-override-date: "20090617133009" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_class_any.rpl b/testdata/iter_class_any.rpl index 2242cbb9cc70..a1fac46c9bcc 100644 --- a/testdata/iter_class_any.rpl +++ b/testdata/iter_class_any.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_dname_insec.rpl b/testdata/iter_dname_insec.rpl new file mode 100644 index 000000000000..8f4a29c79e19 --- /dev/null +++ b/testdata/iter_dname_insec.rpl @@ -0,0 +1,1054 @@ +; config options +server: + harden-referral-path: no + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test scrub of insecure DNAME in answer section + +; root infrastucture +RANGE_BEGIN 0 10000000 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +shortloop. IN TXT +SECTION ANSWER +shortloop. IN TXT "shortloop end" +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN A +SECTION ANSWER +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +x. IN A +SECTION AUTHORITY +x. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +long. IN NS +SECTION AUTHORITY +long. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION AUTHORITY +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION ANSWER +ENTRY_END +RANGE_END +; end of root infrastucture + +; a.gtld-servers.net. (com. net. x.) +RANGE_BEGIN 0 10000000 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns1.example.net. +SECTION ADDITIONAL +ns1.example.net. IN A 168.192.3.3 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x. IN NS +SECTION AUTHORITY +x. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x. IN DNAME +SECTION AUTHORITY +x. IN DNAME . +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +shortloop.x.x. IN CNAME +SECTION ANSWER +x. DNAME . +shortloop.x.x. IN CNAME shortloop.x. +shortloop.x. IN CNAME shortloop. +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +shortloop.x. IN CNAME +SECTION ANSWER +x. DNAME . +shortloop.x. IN CNAME shortloop. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION AUTHORITY +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +long. IN NS +SECTION AUTHORITY +long. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +; DNAME at zone apex, allowed by RFC 6672 section 2.3 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +long. IN DNAME +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN A +SECTION ANSWER +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR YXDOMAIN +SECTION QUESTION +too.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END +RANGE_END +; end of a.gtld-servers.net. + +; RFC 6672 section 2.2. The DNAME Substitution table tests +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;1 com. example.com. example.net. <no match> +;2 example.com. example.com. example.net. [0] +;3 a.example.com. example.com. example.net. a.example.net. +;4 a.b.example.com. example.com. example.net. a.b.example.net. +;5 ab.example.com. b.example.com. example.net. <no match> +;6 foo.example.com. example.com. example.net. foo.example.net. +;7 a.x.example.com. x.example.com. example.net. a.example.net. +;8 a.example.com. example.com. y.example.net. a.y.example.net. +;9 cyc.example.com. example.com. example.com. cyc.example.com. +;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. +;11 shortloop.x.x. x. . shortloop.x. +;12 shortloop.x. x. . shortloop. +; +; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then +; the result is "example.com.", else "<no match>". +; +; Table 1. DNAME Substitution Examples + +; line no. 1 is mostly for authoritative server +; line no. 2 QTYPE != DNAME +STEP 220201 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +example.com. IN NS +ENTRY_END + +STEP 220202 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. 0 IN A 168.192.2.2 +ENTRY_END + +; line no. 2 QTYPE == DNAME +STEP 220203 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +example.com. IN DNAME +ENTRY_END + +STEP 220204 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME example.net. +ENTRY_END + + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;3 a.example.com. example.com. example.net. a.example.net. + +STEP 220301 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.example.com. IN A +ENTRY_END + +STEP 220302 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +a.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +a.example.com. IN CNAME a.example.net. +a.example.net. IN A 10.0.0.97 +ENTRY_END + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;4 a.b.example.com. example.com. example.net. a.b.example.net. + +STEP 220401 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.b.example.com. IN A +ENTRY_END + +STEP 220402 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +a.b.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +a.b.example.com. IN CNAME a.b.example.net. +a.b.example.net. IN A 10.0.97.98 +ENTRY_END + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;5 ab.example.com. b.example.com. example.net. <no match> +;6 foo.example.com. example.com. example.net. foo.example.net. + +; line no. 5 is mostly for authoritative server +; line no. 6 is basically the same as line no. 3 + +; ns1.example.com. +RANGE_BEGIN 220000 220699 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 2 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME example.net. +ENTRY_END + +; line 3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +a.example.com. IN CNAME a.example.net. +ENTRY_END + +; line 4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.b.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +a.b.example.com. IN CNAME a.b.example.net. +ENTRY_END +RANGE_END +; end of ns1.example.com. + + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;7 a.x.example.com. x.example.com. example.net. a.example.net. + +STEP 220701 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.x.example.com. IN A +ENTRY_END + +STEP 220702 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +a.x.example.com. IN A +SECTION ANSWER +x.example.com. IN DNAME example.net. +a.x.example.com. IN CNAME a.example.net. +a.example.net. IN A 10.0.0.97 +ENTRY_END + +; ns1.example.com. +RANGE_BEGIN 220700 220799 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 7 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +x.example.com. IN DNAME example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.x.example.com. IN A +SECTION ANSWER +x.example.com. IN DNAME example.net. +a.x.example.com. IN CNAME a.example.net. +ENTRY_END +RANGE_END +; end of ns1.example.com. + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;8 a.example.com. example.com. y.example.net. a.y.example.net. +; +; a.example.com. was renamed to a2.example.com. to avoid cache clashes +; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) + +STEP 220801 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a2.example.com. IN A +ENTRY_END + +STEP 220802 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +a2.example.com. IN A +SECTION ANSWER +example.com. IN DNAME y.example.net. +a2.example.com. IN CNAME a2.y.example.net. +a2.y.example.net. IN A 10.97.50.121 +ENTRY_END + +; ns1.example.com. +RANGE_BEGIN 220800 220899 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 8 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME y.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a2.example.com. IN A +SECTION ANSWER +example.com. IN DNAME y.example.net. +a2.example.com. IN CNAME a2.y.example.net. +ENTRY_END +RANGE_END +; end of ns1.example.com. + + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;9 cyc.example.com. example.com. example.com. cyc.example.com. + +STEP 220901 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cyc.example.com. IN A +ENTRY_END + +; Expected result is defined by RFC 1034 section 3.6.2: +; CNAME chains should be followed and CNAME loops signalled as an error +STEP 220902 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +REPLY NOERROR +SECTION QUESTION +cyc.example.com. IN A +SECTION ANSWER +example.com. 0 IN DNAME example.com. +cyc.example.com. 0 IN CNAME cyc.example.com. +ENTRY_END + +; ns1.example.com. +RANGE_BEGIN 220900 220999 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 9 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +cyc.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.com. +cyc.example.com. IN CNAME cyc.example.com. +ENTRY_END +RANGE_END +; end of ns1.example.com. + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. +; +; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes +; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) +; +; target c.example.com. was renamed to cyc2.example.net. +; to limit number of pre-canned answers required for the test + +STEP 221001 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cyc2.example.com. IN A +ENTRY_END + +; Expected result is defined by RFC 1034 section 3.6.2: +; CNAME chains should be followed and CNAME loops signalled as an error +STEP 221002 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +cyc2.example.com. IN A +ENTRY_END + +; ns1.example.com. +RANGE_BEGIN 221000 221099 + ADDRESS 168.192.2.2 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN A +SECTION ANSWER +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 10 DNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNAME +SECTION ANSWER +example.com. IN DNAME cyc2.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +cyc2.example.com. IN A +SECTION ANSWER +example.com. IN DNAME cyc2.example.net. +cyc2.example.com. IN CNAME cyc2.cyc2.example.net. +ENTRY_END +RANGE_END +; end of ns1.example.com. + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;11 shortloop.x.x. x. . shortloop.x. + +STEP 221101 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +shortloop.x.x. TXT +ENTRY_END + +STEP 221102 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +shortloop.x.x. IN TXT +SECTION ANSWER +x. IN DNAME . +shortloop.x.x. IN CNAME shortloop.x. +;;x. IN DNAME . +shortloop.x. IN CNAME shortloop. +shortloop. IN TXT "shortloop end" +ENTRY_END + +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;12 shortloop.x. x. . shortloop. + +; expire potentically cached CNAMEs for shortloop.x. from cache +STEP 221200 TIME_PASSES ELAPSE 10000 + +STEP 221201 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +shortloop.x. TXT +ENTRY_END + +STEP 221202 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +shortloop.x. IN TXT +SECTION ANSWER +x. IN DNAME . +shortloop.x. IN CNAME shortloop. +shortloop. IN TXT "shortloop end" +ENTRY_END + + +; ns1.example.net. (data shared by whole 22xxxx range) +RANGE_BEGIN 220000 229999 + ADDRESS 168.192.3.3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns1.example.net. +SECTION ADDITIONAL +example.net. IN A 168.192.3.3 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.net. IN A +SECTION ANSWER +ns1.example.net. IN A 168.192.3.3 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns1.example.net. IN AAAA +SECTION ANSWER +ENTRY_END + +; line 3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.example.net. IN A +SECTION ANSWER +a.example.net. IN A 10.0.0.97 +ENTRY_END + +; line 4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.b.example.net. IN A +SECTION ANSWER +a.b.example.net. IN A 10.0.97.98 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a2.y.example.net. IN A +SECTION ANSWER +a2.y.example.net. IN A 10.97.50.121 +ENTRY_END + +; line 10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +cyc2.example.net. IN DNAME +SECTION ANSWER +cyc2.example.net. IN DNAME example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +cyc2.cyc2.example.net. IN A +SECTION ANSWER +cyc2.example.net. IN DNAME example.com. +cyc2.cyc2.example.com. IN CNAME cyc2.example.com. +ENTRY_END +RANGE_END +; end of ns1.example.net. + + +; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution +; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long. +STEP 229001 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +x.long. IN A +ENTRY_END + +; query returning maximal permissible length - should work +STEP 229002 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO +SECTION QUESTION +x.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +; result of substitution has too long name +; YXDOMAIN should be propagated to the client +; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html +;TODO +; STEP 229003 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; too.long. IN A +; ENTRY_END +; +; STEP 229004 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH all +; REPLY QR YXDOMAIN +; SECTION QUESTION +; x.long. IN A +; SECTION ANSWER +; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +; ENTRY_END + +; YXDOMAIN should work even if the cache is empty +STEP 229005 TIME_PASSES ELAPSE 4000 + +; STEP 229006 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; too.long. IN A +; ENTRY_END +; +; STEP 229007 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH all +; REPLY QR YXDOMAIN +; SECTION QUESTION +; x.long. IN A +; SECTION ANSWER +; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +; ENTRY_END + + + + +SCENARIO_END diff --git a/testdata/iter_dname_yx.rpl b/testdata/iter_dname_yx.rpl new file mode 100644 index 000000000000..18b9725cc66f --- /dev/null +++ b/testdata/iter_dname_yx.rpl @@ -0,0 +1,1041 @@ +; config options +server: + harden-referral-path: no + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test scrub of insecure DNAME in answer section + +; root infrastucture +RANGE_BEGIN 0 10000000 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +shortloop. IN TXT +SECTION ANSWER +shortloop. IN TXT "shortloop end" +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN A +SECTION ANSWER +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +K.ROOT-SERVERS.NET. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH subdomain opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +x. IN A +SECTION AUTHORITY +x. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +long. IN NS +SECTION AUTHORITY +long. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION AUTHORITY +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION ANSWER +ENTRY_END +RANGE_END +; end of root infrastucture + +; a.gtld-servers.net. (com. net. x.) +RANGE_BEGIN 0 10000000 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN A +SECTION ANSWER +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.gtld-servers.net. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns1.example.com. +SECTION ADDITIONAL +ns1.example.com. IN A 168.192.2.2 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns1.example.net. +SECTION ADDITIONAL +ns1.example.net. IN A 168.192.3.3 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x. IN NS +SECTION AUTHORITY +x. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x. IN DNAME +SECTION AUTHORITY +x. IN DNAME . +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +shortloop.x.x. IN CNAME +SECTION ANSWER +x. DNAME . +shortloop.x.x. IN CNAME shortloop.x. +shortloop.x. IN CNAME shortloop. +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +shortloop.x. IN CNAME +SECTION ANSWER +x. DNAME . +shortloop.x. IN CNAME shortloop. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS +SECTION AUTHORITY +60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +long. IN NS +SECTION AUTHORITY +long. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +; DNAME at zone apex, allowed by RFC 6672 section 2.3 +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +long. IN DNAME +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH qname qtype opcode +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. IN A +SECTION ANSWER +x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +ENTRY_END + +ENTRY_BEGIN +MATCH qname opcode +ADJUST copy_id copy_query +REPLY QR AA YXDOMAIN +SECTION QUESTION +too.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END +RANGE_END +; end of a.gtld-servers.net. + +; RFC 6672 section 2.2. The DNAME Substitution table tests +;# QNAME owner DNAME target result +;-- ---------------- -------------- -------------- ----------------- +;1 com. example.com. example.net. <no match> +;2 example.com. example.com. example.net. [0] +;3 a.example.com. example.com. example.net. a.example.net. +;4 a.b.example.com. example.com. example.net. a.b.example.net. +;5 ab.example.com. b.example.com. example.net. <no match> +;6 foo.example.com. example.com. example.net. foo.example.net. +;7 a.x.example.com. x.example.com. example.net. a.example.net. +;8 a.example.com. example.com. y.example.net. a.y.example.net. +;9 cyc.example.com. example.com. example.com. cyc.example.com. +;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. +;11 shortloop.x.x. x. . shortloop.x. +;12 shortloop.x. x. . shortloop. +; +; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then +; the result is "example.com.", else "<no match>". +; +; Table 1. DNAME Substitution Examples + +; ; line no. 1 is mostly for authoritative server +; ; line no. 2 QTYPE != DNAME +; STEP 220201 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; example.com. IN NS +; ENTRY_END +; +; STEP 220202 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode answer +; REPLY QR RD RA DO +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; ENTRY_END +; +; ; line no. 2 QTYPE == DNAME +; STEP 220203 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; example.com. IN DNAME +; ENTRY_END +; +; STEP 220204 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; REPLY QR RD RA DO +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME example.net. +; ENTRY_END +; +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;3 a.example.com. example.com. example.net. a.example.net. +; +; STEP 220301 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; a.example.com. IN A +; ENTRY_END +; +; STEP 220302 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; a.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.net. +; a.example.com. IN CNAME a.example.net. +; a.example.net. IN A 10.0.0.97 +; ENTRY_END +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;4 a.b.example.com. example.com. example.net. a.b.example.net. +; +; STEP 220401 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; a.b.example.com. IN A +; ENTRY_END +; +; STEP 220402 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; a.b.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.net. +; a.b.example.com. IN CNAME a.b.example.net. +; a.b.example.net. IN A 10.0.97.98 +; ENTRY_END +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;5 ab.example.com. b.example.com. example.net. <no match> +; ;6 foo.example.com. example.com. example.net. foo.example.net. +; +; ; line no. 5 is mostly for authoritative server +; ; line no. 6 is basically the same as line no. 3 +; +; ; ns1.example.com. +; RANGE_BEGIN 220000 220699 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 2 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME example.net. +; ENTRY_END +; +; ; line 3 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.net. +; a.example.com. IN CNAME a.example.net. +; ENTRY_END +; +; ; line 4 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.b.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.net. +; a.b.example.com. IN CNAME a.b.example.net. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;7 a.x.example.com. x.example.com. example.net. a.example.net. +; +; STEP 220701 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; a.x.example.com. IN A +; ENTRY_END +; +; STEP 220702 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; a.x.example.com. IN A +; SECTION ANSWER +; x.example.com. IN DNAME example.net. +; a.x.example.com. IN CNAME a.example.net. +; a.example.net. IN A 10.0.0.97 +; ENTRY_END +; +; ; ns1.example.com. +; RANGE_BEGIN 220700 220799 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 7 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; x.example.com. IN DNAME example.net. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.x.example.com. IN A +; SECTION ANSWER +; x.example.com. IN DNAME example.net. +; a.x.example.com. IN CNAME a.example.net. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;8 a.example.com. example.com. y.example.net. a.y.example.net. +; ; +; ; a.example.com. was renamed to a2.example.com. to avoid cache clashes +; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) +; +; STEP 220801 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; a2.example.com. IN A +; ENTRY_END +; +; STEP 220802 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; a2.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME y.example.net. +; a2.example.com. IN CNAME a2.y.example.net. +; a2.y.example.net. IN A 10.97.50.121 +; ENTRY_END +; +; ; ns1.example.com. +; RANGE_BEGIN 220800 220899 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 8 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME y.example.net. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a2.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME y.example.net. +; a2.example.com. IN CNAME a2.y.example.net. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;9 cyc.example.com. example.com. example.com. cyc.example.com. +; +; STEP 220901 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; cyc.example.com. IN A +; ENTRY_END +; +; ; Expected result is defined by RFC 1034 section 3.6.2: +; ; CNAME chains should be followed and CNAME loops signalled as an error +; STEP 220902 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; REPLY SERVFAIL +; SECTION QUESTION +; cyc.example.com. IN A +; ENTRY_END +; +; ; ns1.example.com. +; RANGE_BEGIN 220900 220999 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 9 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME example.com. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; cyc.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME example.com. +; cyc.example.com. IN CNAME cyc.example.com. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. +; ; +; ; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes +; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) +; ; +; ; target c.example.com. was renamed to cyc2.example.net. +; ; to limit number of pre-canned answers required for the test +; +; STEP 221001 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; cyc2.example.com. IN A +; ENTRY_END +; +; ; Expected result is defined by RFC 1034 section 3.6.2: +; ; CNAME chains should be followed and CNAME loops signalled as an error +; STEP 221002 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; REPLY SERVFAIL +; SECTION QUESTION +; cyc2.example.com. IN A +; ENTRY_END +; +; ; ns1.example.com. +; RANGE_BEGIN 221000 221099 +; ADDRESS 168.192.2.2 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN NS +; SECTION ANSWER +; example.com. IN NS ns1.example.com. +; SECTION ADDITIONAL +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN A +; SECTION ANSWER +; ns1.example.com. IN A 168.192.2.2 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.com. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 10 DNAME +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.com. IN DNAME +; SECTION ANSWER +; example.com. IN DNAME cyc2.example.net. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; cyc2.example.com. IN A +; SECTION ANSWER +; example.com. IN DNAME cyc2.example.net. +; cyc2.example.com. IN CNAME cyc2.cyc2.example.net. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.com. +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;11 shortloop.x.x. x. . shortloop.x. +; +; STEP 221101 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; shortloop.x.x. TXT +; ENTRY_END +; +; STEP 221102 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; shortloop.x.x. IN TXT +; SECTION ANSWER +; x. IN DNAME . +; ; unbound hack +; x. IN DNAME . +; shortloop.x.x. IN CNAME shortloop.x. +; shortloop.x. IN CNAME shortloop. +; shortloop. IN TXT "shortloop end" +; ENTRY_END +; +; ;# QNAME owner DNAME target result +; ;-- ---------------- -------------- -------------- ----------------- +; ;12 shortloop.x. x. . shortloop. +; +; ; expire potentically cached CNAMEs for shortloop.x. from cache +; STEP 221200 TIME_PASSES ELAPSE 10000 +; +; STEP 221201 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; shortloop.x. TXT +; ENTRY_END +; +; STEP 221202 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; shortloop.x. IN TXT +; SECTION ANSWER +; x. IN DNAME . +; shortloop.x. IN CNAME shortloop. +; shortloop. IN TXT "shortloop end" +; ENTRY_END +; +; +; ; ns1.example.net. (data shared by whole 22xxxx range) +; RANGE_BEGIN 220000 229999 +; ADDRESS 168.192.3.3 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; example.net. IN NS +; SECTION ANSWER +; example.net. IN NS ns1.example.net. +; SECTION ADDITIONAL +; example.net. IN A 168.192.3.3 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.net. IN A +; SECTION ANSWER +; ns1.example.net. IN A 168.192.3.3 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; ns1.example.net. IN AAAA +; SECTION ANSWER +; ENTRY_END +; +; ; line 3 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.example.net. IN A +; SECTION ANSWER +; a.example.net. IN A 10.0.0.97 +; ENTRY_END +; +; ; line 4 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a.b.example.net. IN A +; SECTION ANSWER +; a.b.example.net. IN A 10.0.97.98 +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; a2.y.example.net. IN A +; SECTION ANSWER +; a2.y.example.net. IN A 10.97.50.121 +; ENTRY_END +; +; ; line 10 +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; cyc2.example.net. IN DNAME +; SECTION ANSWER +; cyc2.example.net. IN DNAME example.com. +; ENTRY_END +; +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA NOERROR +; SECTION QUESTION +; cyc2.cyc2.example.net. IN A +; SECTION ANSWER +; cyc2.example.net. IN DNAME example.com. +; cyc2.cyc2.example.com. IN CNAME cyc2.example.com. +; ENTRY_END +; RANGE_END +; ; end of ns1.example.net. +; +; +; ; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution +; ; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long. +; STEP 229001 QUERY +; ENTRY_BEGIN +; REPLY RD DO +; SECTION QUESTION +; x.long. IN A +; ENTRY_END +; +; ; query returning maximal permissible length - should work +; STEP 229002 CHECK_ANSWER +; ENTRY_BEGIN +; MATCH rcode question answer +; SECTION QUESTION +; x.long. IN A +; SECTION ANSWER +; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +; x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +; x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 +; ENTRY_END + +; result of substitution has too long name +; YXDOMAIN should be propagated to the client +; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html +STEP 229003 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +too.long. IN A +ENTRY_END + +STEP 229004 CHECK_ANSWER +ENTRY_BEGIN +MATCH rcode question answer +REPLY QR YXDOMAIN +SECTION QUESTION +too.long. IN A +SECTION ANSWER +long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +ENTRY_END + + ; ; YXDOMAIN should work even if the cache is empty + ; STEP 229005 TIME_PASSES ELAPSE 4000 + ; + ; STEP 229006 QUERY + ; ENTRY_BEGIN + ; REPLY RD DO + ; SECTION QUESTION + ; too.long. IN A + ; ENTRY_END + ; + ; STEP 229007 CHECK_ANSWER + ; ENTRY_BEGIN + ; MATCH rcode question answer + ; REPLY QR YXDOMAIN + ; SECTION QUESTION + ; x.long. IN A + ; SECTION ANSWER + ; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. + ; ENTRY_END + + + + +SCENARIO_END diff --git a/testdata/iter_dnsseclame_bug.rpl b/testdata/iter_dnsseclame_bug.rpl index a22dc96bc551..cb5c549216ba 100644 --- a/testdata/iter_dnsseclame_bug.rpl +++ b/testdata/iter_dnsseclame_bug.rpl @@ -2,6 +2,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_dnsseclame_ds.rpl b/testdata/iter_dnsseclame_ds.rpl index 0e8405db94e9..ca7e8f35aeb2 100644 --- a/testdata/iter_dnsseclame_ds.rpl +++ b/testdata/iter_dnsseclame_ds.rpl @@ -2,6 +2,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_dnsseclame_ds_ok.rpl b/testdata/iter_dnsseclame_ds_ok.rpl index 0ff322cd42bc..eb0ad34d4922 100644 --- a/testdata/iter_dnsseclame_ds_ok.rpl +++ b/testdata/iter_dnsseclame_ds_ok.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_dnsseclame_ta.rpl b/testdata/iter_dnsseclame_ta.rpl index 9472dcc1a1e6..6569949b274f 100644 --- a/testdata/iter_dnsseclame_ta.rpl +++ b/testdata/iter_dnsseclame_ta.rpl @@ -2,6 +2,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_dnsseclame_ta_ok.rpl b/testdata/iter_dnsseclame_ta_ok.rpl index e794b54fdaa8..9c2e0a5d762e 100644 --- a/testdata/iter_dnsseclame_ta_ok.rpl +++ b/testdata/iter_dnsseclame_ta_ok.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_emptydp.rpl b/testdata/iter_emptydp.rpl index 260888c32e51..8e1e4a68d6a7 100644 --- a/testdata/iter_emptydp.rpl +++ b/testdata/iter_emptydp.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_emptydp_for_glue.rpl b/testdata/iter_emptydp_for_glue.rpl index 91e76711ee95..ab19a6b91e65 100644 --- a/testdata/iter_emptydp_for_glue.rpl +++ b/testdata/iter_emptydp_for_glue.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_primenoglue.rpl b/testdata/iter_primenoglue.rpl index c3709dcb1adb..3963a989ddee 100644 --- a/testdata/iter_primenoglue.rpl +++ b/testdata/iter_primenoglue.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "3 2 1 0 0" # make sure it fetches for test + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_scrub_dname_rev.rpl b/testdata/iter_scrub_dname_rev.rpl index 44939de0a17f..dc259bf63d45 100644 --- a/testdata/iter_scrub_dname_rev.rpl +++ b/testdata/iter_scrub_dname_rev.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/iter_scrub_dname_sec.rpl b/testdata/iter_scrub_dname_sec.rpl index 1ce74ca17785..6cfa19455e8a 100644 --- a/testdata/iter_scrub_dname_sec.rpl +++ b/testdata/iter_scrub_dname_sec.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/net_signed_servfail.rpl b/testdata/net_signed_servfail.rpl index 9fd50df972e9..23669ec2fb8a 100644 --- a/testdata/net_signed_servfail.rpl +++ b/testdata/net_signed_servfail.rpl @@ -4,6 +4,7 @@ server: trust-anchor: ". IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk)}" val-override-date: "20110207110823" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/nomem_cnametopos.rpl b/testdata/nomem_cnametopos.rpl index 68a0b96cbccc..3bc66f753de1 100644 --- a/testdata/nomem_cnametopos.rpl +++ b/testdata/nomem_cnametopos.rpl @@ -7,6 +7,7 @@ server: msg-cache-size: 8 rrset-cache-size: 8 target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/stop_nxdomain.rpl b/testdata/stop_nxdomain.rpl index 9c57ec71bd47..a36138e9100d 100644 --- a/testdata/stop_nxdomain.rpl +++ b/testdata/stop_nxdomain.rpl @@ -4,6 +4,7 @@ server: harden-below-nxdomain: yes trust-anchor: ". IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" val-override-date: "20070916134226" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/stop_nxdomain_minimised.rpl b/testdata/stop_nxdomain_minimised.rpl index 8882b7bd9080..6b9cbef0ce88 100644 --- a/testdata/stop_nxdomain_minimised.rpl +++ b/testdata/stop_nxdomain_minimised.rpl @@ -5,6 +5,7 @@ server: qname-minimisation: yes trust-anchor: ". IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" val-override-date: "20070916134226" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/subnet_cached.crpl b/testdata/subnet_cached.crpl new file mode 100644 index 000000000000..fefbdd1a0d83 --- /dev/null +++ b/testdata/subnet_cached.crpl @@ -0,0 +1,234 @@ +; Ask the same question twice. Check to see second is answered +; from cache + +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + module-config: "subnetcache validator iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with positive response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to DNSKEY priming query + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN DNSKEY + SECTION ANSWER + example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} + example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN + HEX_ANSWER_BEGIN; + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 00 00 ;127.0.0.0/17 + HEX_ANSWER_END +ENTRY_END + +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ednsdata + REPLY QR RD RA AD NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 11 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +STEP 11 QUERY + +ENTRY_BEGIN + HEX_ANSWER_BEGIN; + 00 00 00 00 00 01 00 00 ;ID 0, no RD + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 12 00 ; ip4, scope 18, source 0 + 7f 00 00 ;127.0.0.0/18 + HEX_ANSWER_END +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ednsdata + REPLY QR RA AD NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 12 11 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_derived.crpl b/testdata/subnet_derived.crpl new file mode 100644 index 000000000000..e2944ff8c07f --- /dev/null +++ b/testdata/subnet_derived.crpl @@ -0,0 +1,163 @@ +server: + send-client-subnet: 5.0.15.10 + send-client-subnet: 193.0.14.129 + max-client-subnet-ipv4: 21 + verbosity: 3 + module-config: "subnetcache validator iterator" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Must not send subnet option for 'derived' queries. + +RANGE_BEGIN 0 100 + + ADDRESS 193.0.14.129 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + a.gtld-servers.net. IN AAAA + SECTION AUTHORITY + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 192.5.6.30 + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 5.0.15.10 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 5.0.15.10 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + ns.example.com. IN AAAA + SECTION ANSWER + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode subdomain ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ENTRY_END + +RANGE_END + +;; ---------------------------------------- + +STEP 1 QUERY + + ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A + ENTRY_END + +STEP 10 CHECK_ANSWER + + ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION AUTHORITY + SECTION ADDITIONAL + ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_format_ip4.crpl b/testdata/subnet_format_ip4.crpl new file mode 100644 index 000000000000..2ee3c7d4ec1b --- /dev/null +++ b/testdata/subnet_format_ip4.crpl @@ -0,0 +1,160 @@ +server: + send-client-subnet: 5.0.15.10 + max-client-subnet-ipv4: 21 + verbosity: 3 + module-config: "subnetcache validator iterator" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Subnet option ONLY in final query + +RANGE_BEGIN 0 100 + + ADDRESS 193.0.14.129 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + a.gtld-servers.net. IN AAAA + SECTION AUTHORITY + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 192.5.6.30 + + ENTRY_BEGIN + MATCH opcode opcode qtype qname ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 5.0.15.10 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + ns.example.com. IN AAAA + SECTION ANSWER + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode subdomain ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ENTRY_END + +RANGE_END + +;; ---------------------------------------- + +STEP 1 QUERY + + ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A + ENTRY_END + +STEP 10 CHECK_ANSWER + + ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION AUTHORITY + SECTION ADDITIONAL + ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_not_whitelisted.crpl b/testdata/subnet_not_whitelisted.crpl new file mode 100644 index 000000000000..474687b5856e --- /dev/null +++ b/testdata/subnet_not_whitelisted.crpl @@ -0,0 +1,156 @@ +server: + send-client-subnet: 9.9.9.9/32 + client-subnet-opcode: 20730 + max-client-subnet-ipv4: 21 + verbosity: 3 + module-config: "subnetcache validator iterator" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Subnet option MUST NOT be send to any host + +RANGE_BEGIN 0 100 + + ADDRESS 193.0.14.129 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + a.gtld-servers.net. IN AAAA + SECTION AUTHORITY + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 192.5.6.30 + + ENTRY_BEGIN + MATCH opcode subdomain ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 5.0.15.10 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + ns.example.com. IN AAAA + SECTION ANSWER + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode subdomain ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + +RANGE_END + +;; ---------------------------------------- + +STEP 1 QUERY + + ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A + ENTRY_END + +STEP 10 CHECK_ANSWER + + ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION AUTHORITY + SECTION ADDITIONAL + ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_val_positive.crpl b/testdata/subnet_val_positive.crpl new file mode 100644 index 000000000000..732657374a13 --- /dev/null +++ b/testdata/subnet_val_positive.crpl @@ -0,0 +1,183 @@ +; Test subnet option in combination with dnssec + +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + module-config: "subnetcache validator iterator" + verbosity: 3 + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with positive response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to DNSKEY priming query + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN DNSKEY + SECTION ANSWER + example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} + example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN + REPLY RD DO + SECTION QUESTION + www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ednsdata + REPLY QR RD RA AD NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_val_positive_client.crpl b/testdata/subnet_val_positive_client.crpl new file mode 100644 index 000000000000..96be71f5082f --- /dev/null +++ b/testdata/subnet_val_positive_client.crpl @@ -0,0 +1,194 @@ +; Test subnet option in combination with dnssec +; Client asks for subnet data + +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + module-config: "subnetcache validator iterator" + verbosity: 3 + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with positive response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + com. IN NS + SECTION ANSWER + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to DNSKEY priming query + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN DNSKEY + SECTION ANSWER + example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} + example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN + HEX_ANSWER_BEGIN; + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 11 00 ; ip4, scope 17, source 0 + 7f 00 00 ;127.0.0.0/17 + HEX_ANSWER_END +ENTRY_END + + + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ednsdata + REPLY QR RD RA AD NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 10.20.30.40 + www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + SECTION AUTHORITY + example.com. IN NS ns.example.com. + example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/testdata/subnet_without_validator.crpl b/testdata/subnet_without_validator.crpl new file mode 100644 index 000000000000..ea0daf730384 --- /dev/null +++ b/testdata/subnet_without_validator.crpl @@ -0,0 +1,160 @@ +server: + send-client-subnet: 5.0.15.10 + max-client-subnet-ipv4: 21 + verbosity: 3 + module-config: "subnetcache iterator" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Works without validator module + +RANGE_BEGIN 0 100 + + ADDRESS 193.0.14.129 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + . IN NS + SECTION ANSWER + . IN NS K.ROOT-SERVERS.NET. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + K.ROOT-SERVERS.NET. IN A 193.0.14.129 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + a.gtld-servers.net. IN AAAA + SECTION AUTHORITY + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION AUTHORITY + com. IN NS a.gtld-servers.net. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + a.gtld-servers.net. IN A 192.5.6.30 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 192.5.6.30 + + ENTRY_BEGIN + MATCH opcode subdomain ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + example.com. IN A + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 100 + + ADDRESS 5.0.15.10 + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ns.example.com. IN A 5.0.15.10 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + ns.example.com. IN AAAA + SECTION ANSWER + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ;; we expect to receive empty + HEX_EDNSDATA_END + ENTRY_END + + ENTRY_BEGIN + MATCH opcode subdomain ednsdata + ADJUST copy_id copy_query + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 15 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END + ENTRY_END + +RANGE_END + +;; ---------------------------------------- + +STEP 1 QUERY + + ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A + ENTRY_END + +STEP 10 CHECK_ANSWER + + ENTRY_BEGIN + MATCH all + REPLY QR RD RA NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. IN A 4.3.2.1 + SECTION AUTHORITY + SECTION ADDITIONAL + ENTRY_END + +SCENARIO_END diff --git a/testdata/val_adbit.rpl b/testdata/val_adbit.rpl index bffc9b71370c..8e9b76e6f7e4 100644 --- a/testdata/val_adbit.rpl +++ b/testdata/val_adbit.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_adcopy.rpl b/testdata/val_adcopy.rpl index 6cd9ad6ecdff..04d04880b915 100644 --- a/testdata/val_adcopy.rpl +++ b/testdata/val_adcopy.rpl @@ -4,6 +4,7 @@ server: #trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_anchor_nx.rpl b/testdata/val_anchor_nx.rpl index be347b11d65c..dbb384dc9145 100644 --- a/testdata/val_anchor_nx.rpl +++ b/testdata/val_anchor_nx.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_anchor_nx_nosig.rpl b/testdata/val_anchor_nx_nosig.rpl index de9be6c456cc..e36180b082f2 100644 --- a/testdata/val_anchor_nx_nosig.rpl +++ b/testdata/val_anchor_nx_nosig.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ans_dsent.rpl b/testdata/val_ans_dsent.rpl index 1eb7778c2d4b..dfac62879f91 100644 --- a/testdata/val_ans_dsent.rpl +++ b/testdata/val_ans_dsent.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ans_nx.rpl b/testdata/val_ans_nx.rpl index 257377202bd2..1e4cc8a1f661 100644 --- a/testdata/val_ans_nx.rpl +++ b/testdata/val_ans_nx.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_any.rpl b/testdata/val_any.rpl index 4285f49c5c32..388d25f6c458 100644 --- a/testdata/val_any.rpl +++ b/testdata/val_any.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_any_cname.rpl b/testdata/val_any_cname.rpl index e85c14c20b53..1477299a49c6 100644 --- a/testdata/val_any_cname.rpl +++ b/testdata/val_any_cname.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_any_dname.rpl b/testdata/val_any_dname.rpl index 6e94f9a4ee8f..cd9ede9a1bb0 100644 --- a/testdata/val_any_dname.rpl +++ b/testdata/val_any_dname.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cname_loop1.rpl b/testdata/val_cname_loop1.rpl index 11d094cdd921..61fcdb7036fd 100644 --- a/testdata/val_cname_loop1.rpl +++ b/testdata/val_cname_loop1.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cname_loop2.rpl b/testdata/val_cname_loop2.rpl index af293401b9c7..26644bc14755 100644 --- a/testdata/val_cname_loop2.rpl +++ b/testdata/val_cname_loop2.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cname_loop3.rpl b/testdata/val_cname_loop3.rpl index e34b0108db2d..fbd0d8abcf3c 100644 --- a/testdata/val_cname_loop3.rpl +++ b/testdata/val_cname_loop3.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnameinsectopos.rpl b/testdata/val_cnameinsectopos.rpl index 29d1565f3cdd..d7ac6deadbaa 100644 --- a/testdata/val_cnameinsectopos.rpl +++ b/testdata/val_cnameinsectopos.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnamenx_dblnsec.rpl b/testdata/val_cnamenx_dblnsec.rpl index 77c50f60b5c0..85a58b5ef0cf 100644 --- a/testdata/val_cnamenx_dblnsec.rpl +++ b/testdata/val_cnamenx_dblnsec.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnamenx_rcodenx.rpl b/testdata/val_cnamenx_rcodenx.rpl index 8d9c2d4fea54..f4485921739a 100644 --- a/testdata/val_cnamenx_rcodenx.rpl +++ b/testdata/val_cnamenx_rcodenx.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnameqtype.rpl b/testdata/val_cnameqtype.rpl index 66a894f6c2e6..0bd5b62e2ba2 100644 --- a/testdata/val_cnameqtype.rpl +++ b/testdata/val_cnameqtype.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametocloser.rpl b/testdata/val_cnametocloser.rpl index c3377c2395ca..ef20c5674ab7 100644 --- a/testdata/val_cnametocloser.rpl +++ b/testdata/val_cnametocloser.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" trust-anchor: "a.b.example.com. 3600 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8=" val-override-date: "20091113091234" + fake-sha1: yes forward-zone: name: "." diff --git a/testdata/val_cnametocloser_nosig.rpl b/testdata/val_cnametocloser_nosig.rpl index 80d1020037eb..53793aa3e3eb 100644 --- a/testdata/val_cnametocloser_nosig.rpl +++ b/testdata/val_cnametocloser_nosig.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" trust-anchor: "a.b.example.com. 3600 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8=" val-override-date: "20091113091234" + fake-sha1: yes forward-zone: name: "." diff --git a/testdata/val_cnametocnamewctoposwc.rpl b/testdata/val_cnametocnamewctoposwc.rpl index 56faf4130125..e7d9d9460481 100644 --- a/testdata/val_cnametocnamewctoposwc.rpl +++ b/testdata/val_cnametocnamewctoposwc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b" val-override-date: "-1" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametodname.rpl b/testdata/val_cnametodname.rpl index 43561d280777..8f60f7e540bc 100644 --- a/testdata/val_cnametodname.rpl +++ b/testdata/val_cnametodname.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametodnametocnametopos.rpl b/testdata/val_cnametodnametocnametopos.rpl index 0a3a32360561..5c2d578edbfa 100644 --- a/testdata/val_cnametodnametocnametopos.rpl +++ b/testdata/val_cnametodnametocnametopos.rpl @@ -6,6 +6,7 @@ server: trust-anchor: "example.org. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametoinsecure.rpl b/testdata/val_cnametoinsecure.rpl index 538e9fb88efc..c39c5e70eb4c 100644 --- a/testdata/val_cnametoinsecure.rpl +++ b/testdata/val_cnametoinsecure.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" trust-anchor: "example.org. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20091011000000" + fake-sha1: yes forward-zone: name: "." diff --git a/testdata/val_cnametonodata.rpl b/testdata/val_cnametonodata.rpl index b930b5607dd6..3e323ff7fc42 100644 --- a/testdata/val_cnametonodata.rpl +++ b/testdata/val_cnametonodata.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametonodata_nonsec.rpl b/testdata/val_cnametonodata_nonsec.rpl index 588273fba008..097fc683acb5 100644 --- a/testdata/val_cnametonodata_nonsec.rpl +++ b/testdata/val_cnametonodata_nonsec.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametonsec.rpl b/testdata/val_cnametonsec.rpl index 6b32b8da55d8..493b40ccdb46 100644 --- a/testdata/val_cnametonsec.rpl +++ b/testdata/val_cnametonsec.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametonx.rpl b/testdata/val_cnametonx.rpl index cc3315608dba..c0b8a50da13a 100644 --- a/testdata/val_cnametonx.rpl +++ b/testdata/val_cnametonx.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametooptin.rpl b/testdata/val_cnametooptin.rpl index aa58d07f01bd..751d802cce16 100644 --- a/testdata/val_cnametooptin.rpl +++ b/testdata/val_cnametooptin.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametooptout.rpl b/testdata/val_cnametooptout.rpl index 0150a7d87c98..c520383820e1 100644 --- a/testdata/val_cnametooptout.rpl +++ b/testdata/val_cnametooptout.rpl @@ -2,6 +2,7 @@ server: trust-anchor: "GOV. DS 26079 7 2 4ED5FFBC8A40262B56E1232135B929192804ACC006930D087AAB38A611C89041" val-override-date: "20091113091234" + fake-sha1: yes forward-zone: name: "." diff --git a/testdata/val_cnametopos.rpl b/testdata/val_cnametopos.rpl index 9ff4020a909a..822f55e5902c 100644 --- a/testdata/val_cnametopos.rpl +++ b/testdata/val_cnametopos.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametoposnowc.rpl b/testdata/val_cnametoposnowc.rpl index 6e8ff4f27d81..7753a5553901 100644 --- a/testdata/val_cnametoposnowc.rpl +++ b/testdata/val_cnametoposnowc.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnametoposwc.rpl b/testdata/val_cnametoposwc.rpl index 114fa705acb8..1ceb297fba99 100644 --- a/testdata/val_cnametoposwc.rpl +++ b/testdata/val_cnametoposwc.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnamewctonodata.rpl b/testdata/val_cnamewctonodata.rpl index 83aec7a025e8..e2095f979636 100644 --- a/testdata/val_cnamewctonodata.rpl +++ b/testdata/val_cnamewctonodata.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnamewctonx.rpl b/testdata/val_cnamewctonx.rpl index 7da96e259f39..638b665587c4 100644 --- a/testdata/val_cnamewctonx.rpl +++ b/testdata/val_cnamewctonx.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_cnamewctoposwc.rpl b/testdata/val_cnamewctoposwc.rpl index 33fbc45511f8..731336aa46d5 100644 --- a/testdata/val_cnamewctoposwc.rpl +++ b/testdata/val_cnamewctoposwc.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_deleg_nons.rpl b/testdata/val_deleg_nons.rpl index 83cf69232924..bdc68c465f34 100644 --- a/testdata/val_deleg_nons.rpl +++ b/testdata/val_deleg_nons.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_dnametoolong.rpl b/testdata/val_dnametoolong.rpl index b5eea56c6b3e..6cd202ebba96 100644 --- a/testdata/val_dnametoolong.rpl +++ b/testdata/val_dnametoolong.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." @@ -244,10 +245,12 @@ ENTRY_END STEP 10 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA DO SERVFAIL +REPLY QR RD RA DO YXDOMAIN SECTION QUESTION www.example.com. IN A SECTION ANSWER +example.com. IN DNAME long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef. +example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFBdWQE6lzktCN4vdAx9HY1zZe6dYAhUAghsHM4lSJAykdvp5p0wppml03K0= ;{id = 2854} SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/testdata/val_dnametopos.rpl b/testdata/val_dnametopos.rpl index faeb40f9dac4..ed2948a9b8ec 100644 --- a/testdata/val_dnametopos.rpl +++ b/testdata/val_dnametopos.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_dnametoposwc.rpl b/testdata/val_dnametoposwc.rpl index e1e91d494717..c5856150e881 100644 --- a/testdata/val_dnametoposwc.rpl +++ b/testdata/val_dnametoposwc.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_dnamewc.rpl b/testdata/val_dnamewc.rpl index c34b9e0f9d2d..9d74ee7ce14d 100644 --- a/testdata/val_dnamewc.rpl +++ b/testdata/val_dnamewc.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ds_afterprime.rpl b/testdata/val_ds_afterprime.rpl index 0b203d2676f2..deac3e550f2c 100644 --- a/testdata/val_ds_afterprime.rpl +++ b/testdata/val_ds_afterprime.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ds_cname.rpl b/testdata/val_ds_cname.rpl index 95fcf5be7e97..85631e53a320 100644 --- a/testdata/val_ds_cname.rpl +++ b/testdata/val_ds_cname.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ds_cnamesub.rpl b/testdata/val_ds_cnamesub.rpl index d70e2ae29000..618c3caba1cd 100644 --- a/testdata/val_ds_cnamesub.rpl +++ b/testdata/val_ds_cnamesub.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ds_gost.crpl b/testdata/val_ds_gost.crpl index 10bb7fbd4c3e..ec54cd94857c 100644 --- a/testdata/val_ds_gost.crpl +++ b/testdata/val_ds_gost.crpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ds_gost_downgrade.crpl b/testdata/val_ds_gost_downgrade.crpl index b8caae2fafaa..a90fa8d180d9 100644 --- a/testdata/val_ds_gost_downgrade.crpl +++ b/testdata/val_ds_gost_downgrade.crpl @@ -4,6 +4,8 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + harden-algo-downgrade: yes stub-zone: name: "." diff --git a/testdata/val_ds_sha2.crpl b/testdata/val_ds_sha2.crpl index 6b92e230f486..9ecba61bc618 100644 --- a/testdata/val_ds_sha2.crpl +++ b/testdata/val_ds_sha2.crpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" fake-dsa: yes + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ds_sha2_downgrade.crpl b/testdata/val_ds_sha2_downgrade.crpl index ea4a48105cd4..5d9eecb6e236 100644 --- a/testdata/val_ds_sha2_downgrade.crpl +++ b/testdata/val_ds_sha2_downgrade.crpl @@ -5,6 +5,8 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" fake-dsa: yes + fake-sha1: yes + harden-algo-downgrade: yes stub-zone: name: "." diff --git a/testdata/val_ds_sha2_lenient.crpl b/testdata/val_ds_sha2_lenient.crpl new file mode 100644 index 000000000000..fb0fdf01f24f --- /dev/null +++ b/testdata/val_ds_sha2_lenient.crpl @@ -0,0 +1,227 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-dsa: yes + fake-sha1: yes + harden-algo-downgrade: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1 lenience + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. + +; Downgrade attack: false SHA2, correct SHA1 + +; SHA256 DS for sub.example.com. +;sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033 +; BAD SHA256 DS +sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000 + +; SHA1 DS for sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN AAAA +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +; must servfail, BOGUS +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/testdata/val_dsnsec.rpl b/testdata/val_dsnsec.rpl index 5e55b2ba03eb..f0facea9770c 100644 --- a/testdata/val_dsnsec.rpl +++ b/testdata/val_dsnsec.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_entds.rpl b/testdata/val_entds.rpl index 6ad86271a2a1..9a0b539bb748 100644 --- a/testdata/val_entds.rpl +++ b/testdata/val_entds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_faildnskey.rpl b/testdata/val_faildnskey.rpl index 7d0350f1a1a3..4fb7d70c2002 100644 --- a/testdata/val_faildnskey.rpl +++ b/testdata/val_faildnskey.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" # test that default value of harden-dnssec-stripped is still yes. + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_faildnskey_ok.rpl b/testdata/val_faildnskey_ok.rpl index 3764000f10d8..5a50b0fb5e43 100644 --- a/testdata/val_faildnskey_ok.rpl +++ b/testdata/val_faildnskey_ok.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" harden-dnssec-stripped: no target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_fwdds.rpl b/testdata/val_fwdds.rpl index 26e30f44c957..f6c23c6cd5e5 100644 --- a/testdata/val_fwdds.rpl +++ b/testdata/val_fwdds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_keyprefetch.rpl b/testdata/val_keyprefetch.rpl index 9b927b20ef4c..4920375b7ee1 100644 --- a/testdata/val_keyprefetch.rpl +++ b/testdata/val_keyprefetch.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" prefetch-key: yes + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_keyprefetch_verify.rpl b/testdata/val_keyprefetch_verify.rpl index 5f044cc2f28b..3c3ea4d55165 100644 --- a/testdata/val_keyprefetch_verify.rpl +++ b/testdata/val_keyprefetch_verify.rpl @@ -6,6 +6,7 @@ server: target-fetch-policy: "0 0 0 0 0" prefetch-key: yes prefetch: yes + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_mal_wc.rpl b/testdata/val_mal_wc.rpl index d834fe648048..3bd7794488ee 100644 --- a/testdata/val_mal_wc.rpl +++ b/testdata/val_mal_wc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_negcache_ds.rpl b/testdata/val_negcache_ds.rpl index c7739e34cba5..78d823793395 100644 --- a/testdata/val_negcache_ds.rpl +++ b/testdata/val_negcache_ds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_negcache_dssoa.rpl b/testdata/val_negcache_dssoa.rpl index 3f35bbf3b5e7..a74e80969b2a 100644 --- a/testdata/val_negcache_dssoa.rpl +++ b/testdata/val_negcache_dssoa.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_noadwhennodo.rpl b/testdata/val_noadwhennodo.rpl index 13015dbdbd60..8f80b8b9f540 100644 --- a/testdata/val_noadwhennodo.rpl +++ b/testdata/val_noadwhennodo.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata.rpl b/testdata/val_nodata.rpl index 1dbbb77842df..73987685ba88 100644 --- a/testdata/val_nodata.rpl +++ b/testdata/val_nodata.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata_ent.rpl b/testdata/val_nodata_ent.rpl index 467bdf5f353a..c67c4016ca48 100644 --- a/testdata/val_nodata_ent.rpl +++ b/testdata/val_nodata_ent.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata_entnx.rpl b/testdata/val_nodata_entnx.rpl index 935cf7ce7ce7..298f8a2aea00 100644 --- a/testdata/val_nodata_entnx.rpl +++ b/testdata/val_nodata_entnx.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. IN DS 29332 8 2 751f8b755718a7b4ef8920a4b42407520889c3d2142a64f6ffad9e12fa9fc262" val-override-date: "20140301134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata_entwc.rpl b/testdata/val_nodata_entwc.rpl index 03c09a207dcb..82e8258eaf1e 100644 --- a/testdata/val_nodata_entwc.rpl +++ b/testdata/val_nodata_entwc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata_failsig.rpl b/testdata/val_nodata_failsig.rpl index 27d5d30c8314..44f7b4160d22 100644 --- a/testdata/val_nodata_failsig.rpl +++ b/testdata/val_nodata_failsig.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata_hasdata.rpl b/testdata/val_nodata_hasdata.rpl index f5321182a5ed..47992da3a837 100644 --- a/testdata/val_nodata_hasdata.rpl +++ b/testdata/val_nodata_hasdata.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodata_zonecut.rpl b/testdata/val_nodata_zonecut.rpl index e9e50a7ce603..9f610654615c 100644 --- a/testdata/val_nodata_zonecut.rpl +++ b/testdata/val_nodata_zonecut.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodatawc.rpl b/testdata/val_nodatawc.rpl index 30e38b605144..6ac40b79ae3a 100644 --- a/testdata/val_nodatawc.rpl +++ b/testdata/val_nodatawc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodatawc_badce.rpl b/testdata/val_nodatawc_badce.rpl index dcf8697db0cb..2811ff846810 100644 --- a/testdata/val_nodatawc_badce.rpl +++ b/testdata/val_nodatawc_badce.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodatawc_nodeny.rpl b/testdata/val_nodatawc_nodeny.rpl index 52dcb0f7842f..1c1adbd251dc 100644 --- a/testdata/val_nodatawc_nodeny.rpl +++ b/testdata/val_nodatawc_nodeny.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nodatawc_one.rpl b/testdata/val_nodatawc_one.rpl index 88d66effb430..54f915cd8a1b 100644 --- a/testdata/val_nodatawc_one.rpl +++ b/testdata/val_nodatawc_one.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nokeyprime.rpl b/testdata/val_nokeyprime.rpl index 5eae44f8198e..22653ad1a983 100644 --- a/testdata/val_nokeyprime.rpl +++ b/testdata/val_nokeyprime.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b1_nameerror.rpl b/testdata/val_nsec3_b1_nameerror.rpl index dbe1f9aa3cf1..3e4c9f72adc5 100644 --- a/testdata/val_nsec3_b1_nameerror.rpl +++ b/testdata/val_nsec3_b1_nameerror.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b1_nameerror_noce.rpl b/testdata/val_nsec3_b1_nameerror_noce.rpl index 6dca24cc50ec..f3262752048e 100644 --- a/testdata/val_nsec3_b1_nameerror_noce.rpl +++ b/testdata/val_nsec3_b1_nameerror_noce.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b1_nameerror_nonc.rpl b/testdata/val_nsec3_b1_nameerror_nonc.rpl index b9d32d32e0de..993e943b0d6a 100644 --- a/testdata/val_nsec3_b1_nameerror_nonc.rpl +++ b/testdata/val_nsec3_b1_nameerror_nonc.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm 3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b1_nameerror_nowc.rpl b/testdata/val_nsec3_b1_nameerror_nowc.rpl index 1293aa919d14..db208bbe17cc 100644 --- a/testdata/val_nsec3_b1_nameerror_nowc.rpl +++ b/testdata/val_nsec3_b1_nameerror_nowc.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b21_nodataent.rpl b/testdata/val_nsec3_b21_nodataent.rpl index 10f51f83ab8f..0f41f1e9cfcf 100644 --- a/testdata/val_nsec3_b21_nodataent.rpl +++ b/testdata/val_nsec3_b21_nodataent.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b21_nodataent_wr.rpl b/testdata/val_nsec3_b21_nodataent_wr.rpl index 6c2f44ef5748..7060fb9b7986 100644 --- a/testdata/val_nsec3_b21_nodataent_wr.rpl +++ b/testdata/val_nsec3_b21_nodataent_wr.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b2_nodata.rpl b/testdata/val_nsec3_b2_nodata.rpl index 11af26967262..8ea653f6b3d3 100644 --- a/testdata/val_nsec3_b2_nodata.rpl +++ b/testdata/val_nsec3_b2_nodata.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b2_nodata_nons.rpl b/testdata/val_nsec3_b2_nodata_nons.rpl index 8311fffc07ba..85669401b134 100644 --- a/testdata/val_nsec3_b2_nodata_nons.rpl +++ b/testdata/val_nsec3_b2_nodata_nons.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout.rpl b/testdata/val_nsec3_b3_optout.rpl index 5cde1a9bcf62..ea89e82bf64a 100644 --- a/testdata/val_nsec3_b3_optout.rpl +++ b/testdata/val_nsec3_b3_optout.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_negcache.rpl b/testdata/val_nsec3_b3_optout_negcache.rpl index c2468bab82a7..06bcdb18cbcc 100644 --- a/testdata/val_nsec3_b3_optout_negcache.rpl +++ b/testdata/val_nsec3_b3_optout_negcache.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_noce.rpl b/testdata/val_nsec3_b3_optout_noce.rpl index e61aba83e249..ce476b62c4b9 100644 --- a/testdata/val_nsec3_b3_optout_noce.rpl +++ b/testdata/val_nsec3_b3_optout_noce.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_nonc.rpl b/testdata/val_nsec3_b3_optout_nonc.rpl index 7c8f19fd5b9e..f4804e40c21c 100644 --- a/testdata/val_nsec3_b3_optout_nonc.rpl +++ b/testdata/val_nsec3_b3_optout_nonc.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b4_wild.rpl b/testdata/val_nsec3_b4_wild.rpl index e3041ecd8ea4..5dcd308c95d6 100644 --- a/testdata/val_nsec3_b4_wild.rpl +++ b/testdata/val_nsec3_b4_wild.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b4_wild_wr.rpl b/testdata/val_nsec3_b4_wild_wr.rpl index bff6b4457530..b9a1cda665b0 100644 --- a/testdata/val_nsec3_b4_wild_wr.rpl +++ b/testdata/val_nsec3_b4_wild_wr.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b5_wcnodata.rpl b/testdata/val_nsec3_b5_wcnodata.rpl index c8014ed6931e..717125e8626d 100644 --- a/testdata/val_nsec3_b5_wcnodata.rpl +++ b/testdata/val_nsec3_b5_wcnodata.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b5_wcnodata_noce.rpl b/testdata/val_nsec3_b5_wcnodata_noce.rpl index a933b50c94f7..0506a4780dca 100644 --- a/testdata/val_nsec3_b5_wcnodata_noce.rpl +++ b/testdata/val_nsec3_b5_wcnodata_noce.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b5_wcnodata_nonc.rpl b/testdata/val_nsec3_b5_wcnodata_nonc.rpl index 8ff0e76bc860..440386ee5cc7 100644 --- a/testdata/val_nsec3_b5_wcnodata_nonc.rpl +++ b/testdata/val_nsec3_b5_wcnodata_nonc.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_b5_wcnodata_nowc.rpl b/testdata/val_nsec3_b5_wcnodata_nowc.rpl index 4460e5faee22..e6619cf81b3e 100644 --- a/testdata/val_nsec3_b5_wcnodata_nowc.rpl +++ b/testdata/val_nsec3_b5_wcnodata_nowc.rpl @@ -3,6 +3,7 @@ server: trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_cname_ds.rpl b/testdata/val_nsec3_cname_ds.rpl index 299400569598..bf4dc5903fa7 100644 --- a/testdata/val_nsec3_cname_ds.rpl +++ b/testdata/val_nsec3_cname_ds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_cname_par.rpl b/testdata/val_nsec3_cname_par.rpl index 20ea0619d654..20ae3b2911a2 100644 --- a/testdata/val_nsec3_cname_par.rpl +++ b/testdata/val_nsec3_cname_par.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_cname_sub.rpl b/testdata/val_nsec3_cname_sub.rpl index 7b38b1a1bdfd..beb910c5f43d 100644 --- a/testdata/val_nsec3_cname_sub.rpl +++ b/testdata/val_nsec3_cname_sub.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_cnametocnamewctoposwc.rpl b/testdata/val_nsec3_cnametocnamewctoposwc.rpl index d8f2c411e482..a7c45efcf099 100644 --- a/testdata/val_nsec3_cnametocnamewctoposwc.rpl +++ b/testdata/val_nsec3_cnametocnamewctoposwc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b" val-override-date: "-1" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_entnodata_optout.rpl b/testdata/val_nsec3_entnodata_optout.rpl index 56ed195fc3f5..5d868def0ac1 100644 --- a/testdata/val_nsec3_entnodata_optout.rpl +++ b/testdata/val_nsec3_entnodata_optout.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_entnodata_optout_badopt.rpl b/testdata/val_nsec3_entnodata_optout_badopt.rpl index d1548f522f36..928814bfb3bc 100644 --- a/testdata/val_nsec3_entnodata_optout_badopt.rpl +++ b/testdata/val_nsec3_entnodata_optout_badopt.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_entnodata_optout_match.rpl b/testdata/val_nsec3_entnodata_optout_match.rpl index 329db5f53d57..2919ff76707b 100644 --- a/testdata/val_nsec3_entnodata_optout_match.rpl +++ b/testdata/val_nsec3_entnodata_optout_match.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_iter_high.rpl b/testdata/val_nsec3_iter_high.rpl index 451bec540a7f..461b5503c59e 100644 --- a/testdata/val_nsec3_iter_high.rpl +++ b/testdata/val_nsec3_iter_high.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20070916134226" val-nsec3-keysize-iterations: "1024 100 2048 200 4096 500" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_nodatawccname.rpl b/testdata/val_nsec3_nodatawccname.rpl index 4f01cdf8a41a..ef5cadf89e4c 100644 --- a/testdata/val_nsec3_nodatawccname.rpl +++ b/testdata/val_nsec3_nodatawccname.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_nods.rpl b/testdata/val_nsec3_nods.rpl index 60f20817f805..592adf7617f9 100644 --- a/testdata/val_nsec3_nods.rpl +++ b/testdata/val_nsec3_nods.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_nods_badopt.rpl b/testdata/val_nsec3_nods_badopt.rpl index c2f71ca76ac7..723bc767b237 100644 --- a/testdata/val_nsec3_nods_badopt.rpl +++ b/testdata/val_nsec3_nods_badopt.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_nods_badsig.rpl b/testdata/val_nsec3_nods_badsig.rpl index 5e265326449e..b0a4ebe56c16 100644 --- a/testdata/val_nsec3_nods_badsig.rpl +++ b/testdata/val_nsec3_nods_badsig.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_nods_negcache.rpl b/testdata/val_nsec3_nods_negcache.rpl index 0c4d20ec2040..053e003597ef 100644 --- a/testdata/val_nsec3_nods_negcache.rpl +++ b/testdata/val_nsec3_nods_negcache.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_nods_soa.rpl b/testdata/val_nsec3_nods_soa.rpl index a967c5037e30..5b6877ebe13e 100644 --- a/testdata/val_nsec3_nods_soa.rpl +++ b/testdata/val_nsec3_nods_soa.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_optout_ad.rpl b/testdata/val_nsec3_optout_ad.rpl index 1c484eab02fc..67675b830b2c 100644 --- a/testdata/val_nsec3_optout_ad.rpl +++ b/testdata/val_nsec3_optout_ad.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. DS 57024 7 1 46d134be319b2cc910b9938f1cb25dc41abb27bf" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_optout_cache.rpl b/testdata/val_nsec3_optout_cache.rpl index 3ec7ccbdd5cf..f047d3571ed1 100644 --- a/testdata/val_nsec3_optout_cache.rpl +++ b/testdata/val_nsec3_optout_cache.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_wcany.rpl b/testdata/val_nsec3_wcany.rpl index 37074a6a6e0f..f2b68a81bfc2 100644 --- a/testdata/val_nsec3_wcany.rpl +++ b/testdata/val_nsec3_wcany.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nsec3_wcany_nodeny.rpl b/testdata/val_nsec3_wcany_nodeny.rpl index 080f086c8ea5..d2c91e0e07c6 100644 --- a/testdata/val_nsec3_wcany_nodeny.rpl +++ b/testdata/val_nsec3_wcany_nodeny.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nx.rpl b/testdata/val_nx.rpl index 434354fb487d..9dee57dd4378 100644 --- a/testdata/val_nx.rpl +++ b/testdata/val_nx.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nx_nodeny.rpl b/testdata/val_nx_nodeny.rpl index 9c1e0bb3d766..f98248e12be2 100644 --- a/testdata/val_nx_nodeny.rpl +++ b/testdata/val_nx_nodeny.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nx_nowc.rpl b/testdata/val_nx_nowc.rpl index 9b8880d77b66..dc04c65f6058 100644 --- a/testdata/val_nx_nowc.rpl +++ b/testdata/val_nx_nowc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nx_nsec3_collision.rpl b/testdata/val_nx_nsec3_collision.rpl index 85236e46eb97..5cba2e109af2 100644 --- a/testdata/val_nx_nsec3_collision.rpl +++ b/testdata/val_nx_nsec3_collision.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nx_nsec3_params.rpl b/testdata/val_nx_nsec3_params.rpl index 926712637f96..c24714d51acf 100644 --- a/testdata/val_nx_nsec3_params.rpl +++ b/testdata/val_nx_nsec3_params.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_nx_overreach.rpl b/testdata/val_nx_overreach.rpl index 4494c30f5a58..11c3a4a191c9 100644 --- a/testdata/val_nx_overreach.rpl +++ b/testdata/val_nx_overreach.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_pos_truncns.rpl b/testdata/val_pos_truncns.rpl index 12d3a5481958..76563a50b89a 100644 --- a/testdata/val_pos_truncns.rpl +++ b/testdata/val_pos_truncns.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_positive.rpl b/testdata/val_positive.rpl index c6f8d797a555..9c70fcbc92c6 100644 --- a/testdata/val_positive.rpl +++ b/testdata/val_positive.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_positive_nosigs.rpl b/testdata/val_positive_nosigs.rpl index 4ab6e54f0d03..e1c04d6c1311 100644 --- a/testdata/val_positive_nosigs.rpl +++ b/testdata/val_positive_nosigs.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_positive_wc.rpl b/testdata/val_positive_wc.rpl index f6a04e71ec93..2fb737deb51e 100644 --- a/testdata/val_positive_wc.rpl +++ b/testdata/val_positive_wc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_positive_wc_nodeny.rpl b/testdata/val_positive_wc_nodeny.rpl index b0c1a5428501..4c5f31083878 100644 --- a/testdata/val_positive_wc_nodeny.rpl +++ b/testdata/val_positive_wc_nodeny.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_qds_badanc.rpl b/testdata/val_qds_badanc.rpl index b451135ffe98..dce22a897e55 100644 --- a/testdata/val_qds_badanc.rpl +++ b/testdata/val_qds_badanc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_qds_oneanc.rpl b/testdata/val_qds_oneanc.rpl index 657b4856ea77..541dfeae8ecb 100644 --- a/testdata/val_qds_oneanc.rpl +++ b/testdata/val_qds_oneanc.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_qds_twoanc.rpl b/testdata/val_qds_twoanc.rpl index 61e7458b0f0f..1b2cae15a558 100644 --- a/testdata/val_qds_twoanc.rpl +++ b/testdata/val_qds_twoanc.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_refer_unsignadd.rpl b/testdata/val_refer_unsignadd.rpl index eb74817ddbbf..d55332687ec9 100644 --- a/testdata/val_refer_unsignadd.rpl +++ b/testdata/val_refer_unsignadd.rpl @@ -6,6 +6,7 @@ server: val-override-date: "20070916134226" access-control: 127.0.0.1 allow_snoop target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_referd.rpl b/testdata/val_referd.rpl index 67e44ea75bff..d532c9a00cf0 100644 --- a/testdata/val_referd.rpl +++ b/testdata/val_referd.rpl @@ -6,6 +6,7 @@ server: harden-referral-path: no access-control: 127.0.0.1 allow_snoop target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_referglue.rpl b/testdata/val_referglue.rpl index bd829bff44df..891e89393fe9 100644 --- a/testdata/val_referglue.rpl +++ b/testdata/val_referglue.rpl @@ -6,6 +6,7 @@ server: directory: "" access-control: 127.0.0.1 allow_snoop target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_rrsig.rpl b/testdata/val_rrsig.rpl index 6ea8c1bc3ee7..e8c39f0fc904 100644 --- a/testdata/val_rrsig.rpl +++ b/testdata/val_rrsig.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_secds.rpl b/testdata/val_secds.rpl index d1a5f64b5c5a..4c40409b7203 100644 --- a/testdata/val_secds.rpl +++ b/testdata/val_secds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_secds_nosig.rpl b/testdata/val_secds_nosig.rpl index 310c9bb8875d..c12f934ce683 100644 --- a/testdata/val_secds_nosig.rpl +++ b/testdata/val_secds_nosig.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_spurious_ns.rpl b/testdata/val_spurious_ns.rpl index 741fd1affc3c..3aef40341ef6 100644 --- a/testdata/val_spurious_ns.rpl +++ b/testdata/val_spurious_ns.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_stub_noroot.rpl b/testdata/val_stub_noroot.rpl index 369bc66e428f..f50041c568f6 100644 --- a/testdata/val_stub_noroot.rpl +++ b/testdata/val_stub_noroot.rpl @@ -5,6 +5,7 @@ server: val-override-date: "20100913111500" ; the dlv anchor is completely ignored, but here to test that. dlv-anchor: "dlv.isc.org. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_stubds.rpl b/testdata/val_stubds.rpl index 565c596333de..bf5f5d651b8b 100644 --- a/testdata/val_stubds.rpl +++ b/testdata/val_stubds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ta_algo_dnskey.rpl b/testdata/val_ta_algo_dnskey.rpl index d5dd26040cbd..dfe608ef3bb1 100644 --- a/testdata/val_ta_algo_dnskey.rpl +++ b/testdata/val_ta_algo_dnskey.rpl @@ -5,6 +5,7 @@ server: trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ta_algo_dnskey_dp.rpl b/testdata/val_ta_algo_dnskey_dp.rpl index b23c0f1b04d7..1ef14adf87a9 100644 --- a/testdata/val_ta_algo_dnskey_dp.rpl +++ b/testdata/val_ta_algo_dnskey_dp.rpl @@ -6,6 +6,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" harden-algo-downgrade: no + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ta_algo_missing.rpl b/testdata/val_ta_algo_missing.rpl index d8c89807b2b0..51dddce2b2f1 100644 --- a/testdata/val_ta_algo_missing.rpl +++ b/testdata/val_ta_algo_missing.rpl @@ -7,6 +7,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" harden-algo-downgrade: yes + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_ta_algo_missing_dp.rpl b/testdata/val_ta_algo_missing_dp.rpl index 2cf0556f5bff..fb4a1382562b 100644 --- a/testdata/val_ta_algo_missing_dp.rpl +++ b/testdata/val_ta_algo_missing_dp.rpl @@ -7,6 +7,7 @@ server: val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" harden-algo-downgrade: no + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_twocname.rpl b/testdata/val_twocname.rpl index 9495c28536fe..2736d917a017 100644 --- a/testdata/val_twocname.rpl +++ b/testdata/val_twocname.rpl @@ -2,6 +2,7 @@ server: trust-anchor: "ORG. DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2" val-override-date: "20091116100204" + fake-sha1: yes forward-zone: name: "." diff --git a/testdata/val_unalgo_anchor.rpl b/testdata/val_unalgo_anchor.rpl index 1a653186a5d4..0848b7063003 100644 --- a/testdata/val_unalgo_anchor.rpl +++ b/testdata/val_unalgo_anchor.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 208 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_unalgo_dlv.rpl b/testdata/val_unalgo_dlv.rpl index 7e1d8c9d50f0..9320ca67feda 100644 --- a/testdata/val_unalgo_dlv.rpl +++ b/testdata/val_unalgo_dlv.rpl @@ -4,6 +4,7 @@ server: dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_unalgo_ds.rpl b/testdata/val_unalgo_ds.rpl index adf1ff123442..8adc049884a0 100644 --- a/testdata/val_unalgo_ds.rpl +++ b/testdata/val_unalgo_ds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_unsec_cname.rpl b/testdata/val_unsec_cname.rpl index c532da5ee000..6d4e52f8fa8b 100644 --- a/testdata/val_unsec_cname.rpl +++ b/testdata/val_unsec_cname.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_unsecds.rpl b/testdata/val_unsecds.rpl index ff2bc7633dd4..e8a85eb1760a 100644 --- a/testdata/val_unsecds.rpl +++ b/testdata/val_unsecds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_unsecds_negcache.rpl b/testdata/val_unsecds_negcache.rpl index de3183978391..7de1775b4901 100644 --- a/testdata/val_unsecds_negcache.rpl +++ b/testdata/val_unsecds_negcache.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_unsecds_qtypeds.rpl b/testdata/val_unsecds_qtypeds.rpl index 4d82a1b7e156..5101300053a4 100644 --- a/testdata/val_unsecds_qtypeds.rpl +++ b/testdata/val_unsecds_qtypeds.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/testdata/val_wild_pos.rpl b/testdata/val_wild_pos.rpl index d47f03f59a89..9c0c5df0f0c6 100644 --- a/testdata/val_wild_pos.rpl +++ b/testdata/val_wild_pos.rpl @@ -4,6 +4,7 @@ server: trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" val-override-date: "20070916134226" target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes stub-zone: name: "." diff --git a/util/config_file.c b/util/config_file.c index 1eba4af860c3..af176929dc35 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -62,6 +62,9 @@ #ifdef HAVE_GLOB_H # include <glob.h> #endif +#ifdef CLIENT_SUBNET +#include "edns-subnet/edns-subnet.h" +#endif #ifdef HAVE_PWD_H #include <pwd.h> #endif @@ -173,6 +176,13 @@ config_create(void) cfg->out_ifs = NULL; cfg->stubs = NULL; cfg->forwards = NULL; +#ifdef CLIENT_SUBNET + cfg->client_subnet = NULL; + cfg->client_subnet_opcode = LDNS_EDNS_CLIENT_SUBNET; + cfg->client_subnet_always_forward = 0; + cfg->max_client_subnet_ipv4 = 24; + cfg->max_client_subnet_ipv6 = 56; +#endif cfg->views = NULL; cfg->acls = NULL; cfg->harden_short_bufsize = 0; @@ -189,6 +199,7 @@ config_create(void) cfg->unwanted_threshold = 0; cfg->hide_identity = 0; cfg->hide_version = 0; + cfg->hide_trustanchor = 0; cfg->identity = NULL; cfg->version = NULL; cfg->auto_trust_anchor_file_list = NULL; @@ -237,7 +248,11 @@ config_create(void) if(!(cfg->control_cert_file = strdup(RUN_DIR"/unbound_control.pem"))) goto error_exit; +#ifdef CLIENT_SUBNET + if(!(cfg->module_conf = strdup("subnetcache validator iterator"))) goto error_exit; +#else if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit; +#endif if(!(cfg->val_nsec3_key_iterations = strdup("1024 150 2048 500 4096 2500"))) goto error_exit; #if defined(DNSTAP_SOCKET_PATH) @@ -257,6 +272,13 @@ config_create(void) cfg->ratelimit_factor = 10; cfg->qname_minimisation = 0; cfg->qname_minimisation_strict = 0; + cfg->shm_enable = 0; + cfg->shm_key = 11777; + cfg->dnscrypt = 0; + cfg->dnscrypt_port = 0; + cfg->dnscrypt_provider = NULL; + cfg->dnscrypt_provider_cert = NULL; + cfg->dnscrypt_secret_key = NULL; return cfg; error_exit: config_delete(cfg); @@ -380,6 +402,8 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STR("log-identity:", log_identity) else S_YNO("extended-statistics:", stat_extended) else S_YNO("statistics-cumulative:", stat_cumulative) + else S_YNO("shm-enable:", shm_enable) + else S_NUMBER_OR_ZERO("shm-key:", shm_key) else S_YNO("do-ip4:", do_ip4) else S_YNO("do-ip6:", do_ip6) else S_YNO("do-udp:", do_udp) @@ -433,6 +457,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STR("pidfile:", pidfile) else S_YNO("hide-identity:", hide_identity) else S_YNO("hide-version:", hide_version) + else S_YNO("hide-trustanchor:", hide_trustanchor) else S_STR("identity:", identity) else S_STR("version:", version) else S_STRLIST("root-hints:", root_hints) @@ -492,6 +517,12 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STR("module-config:", module_conf) else S_STR("python-script:", python_script) else S_YNO("disable-dnssec-lame-check:", disable_dnssec_lame_check) +#ifdef CLIENT_SUBNET + /* Can't set max subnet prefix here, since that value is used when + * generating the address tree. */ + /* No client-subnet-always-forward here, module registration depends on + * this option. */ +#endif else if(strcmp(opt, "ip-ratelimit:") == 0) { IS_NUMBER_OR_ZERO; cfg->ip_ratelimit = atoi(val); infra_ip_ratelimit=cfg->ip_ratelimit; @@ -535,7 +566,9 @@ int config_set_option(struct config_file* cfg, const char* opt, * stub-ssl-upstream, forward-zone, * name, forward-addr, forward-host, * ratelimit-for-domain, ratelimit-below-domain, - * local-zone-tag, access-control-view */ + * local-zone-tag, access-control-view + * send-client-subnet client-subnet-always-forward + * max-client-subnet-ipv4 max-client-subnet-ipv6 */ return 0; } return 1; @@ -697,6 +730,8 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "statistics-interval", stat_interval) else O_YNO(opt, "statistics-cumulative", stat_cumulative) else O_YNO(opt, "extended-statistics", stat_extended) + else O_YNO(opt, "shm-enable", shm_enable) + else O_DEC(opt, "shm-key", shm_key) else O_YNO(opt, "use-syslog", use_syslog) else O_STR(opt, "log-identity", log_identity) else O_YNO(opt, "log-time-ascii", log_time_ascii) @@ -753,6 +788,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_STR(opt, "pidfile", pidfile) else O_YNO(opt, "hide-identity", hide_identity) else O_YNO(opt, "hide-version", hide_version) + else O_YNO(opt, "hide-trustanchor", hide_trustanchor) else O_STR(opt, "identity", identity) else O_STR(opt, "version", version) else O_STR(opt, "target-fetch-policy", target_fetch_policy) @@ -804,6 +840,13 @@ config_get_option(struct config_file* cfg, const char* opt, else O_UNS(opt, "val-override-date", val_date_override) else O_YNO(opt, "minimal-responses", minimal_responses) else O_YNO(opt, "rrset-roundrobin", rrset_roundrobin) +#ifdef CLIENT_SUBNET + else O_LST(opt, "send-client-subnet", client_subnet) + else O_DEC(opt, "max-client-subnet-ipv4", max_client_subnet_ipv4) + else O_DEC(opt, "max-client-subnet-ipv6", max_client_subnet_ipv6) + else O_YNO(opt, "client-subnet-always-forward:", + client_subnet_always_forward) +#endif else O_YNO(opt, "unblock-lan-zones", unblock_lan_zones) else O_YNO(opt, "insecure-lan-zones", insecure_lan_zones) else O_DEC(opt, "max-udp-size", max_udp_size) @@ -826,6 +869,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_IFC(opt, "define-tag", num_tags, tagname) else O_LTG(opt, "local-zone-tag", local_zone_tags) else O_LTG(opt, "access-control-tag", acl_tags) + else O_LTG(opt, "response-ip-tag", respip_tags) else O_LS3(opt, "local-zone-override", local_zone_overrides) else O_LS3(opt, "access-control-tag-action", acl_tag_actions) else O_LS3(opt, "access-control-tag-data", acl_tag_datas) @@ -934,6 +978,8 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot) ub_c_parse(); fclose(in); + if(!cfg->dnscrypt) cfg->dnscrypt_port = 0; + if(cfg_parser->errors != 0) { fprintf(stderr, "read %s failed: %d errors in configuration file\n", fname, cfg_parser->errors); @@ -1083,6 +1129,9 @@ config_delete(struct config_file* cfg) config_delviews(cfg->views); config_delstrlist(cfg->donotqueryaddrs); config_delstrlist(cfg->root_hints); +#ifdef CLIENT_SUBNET + config_delstrlist(cfg->client_subnet); +#endif free(cfg->identity); free(cfg->version); free(cfg->module_conf); @@ -1106,6 +1155,7 @@ config_delete(struct config_file* cfg) config_del_strarray(cfg->tagname, cfg->num_tags); config_del_strbytelist(cfg->local_zone_tags); config_del_strbytelist(cfg->acl_tags); + config_del_strbytelist(cfg->respip_tags); config_deltrplstrlist(cfg->acl_tag_actions); config_deltrplstrlist(cfg->acl_tag_datas); config_delstrlist(cfg->control_ifs); diff --git a/util/config_file.h b/util/config_file.h index d52c2f48104d..79b094894022 100644 --- a/util/config_file.h +++ b/util/config_file.h @@ -172,6 +172,18 @@ struct config_file { struct config_view* views; /** list of donotquery addresses, linked list */ struct config_strlist* donotqueryaddrs; +#ifdef CLIENT_SUBNET + /** list of servers we send edns-client-subnet option to and + * accept option from, linked list */ + struct config_strlist* client_subnet; + /** opcode assigned by IANA for edns0-client-subnet option */ + uint16_t client_subnet_opcode; + /** Do not check whitelist if incoming query contains an ECS record */ + int client_subnet_always_forward; + /** Subnet length we are willing to give up privacy for */ + uint8_t max_client_subnet_ipv4; + uint8_t max_client_subnet_ipv6; +#endif /** list of access control entries, linked list */ struct config_str2list* acls; /** use default localhost donotqueryaddr entries */ @@ -238,6 +250,8 @@ struct config_file { int hide_identity; /** do not report version (version.server, version.bind) */ int hide_version; + /** do not report trustanchor (trustanchor.unbound) */ + int hide_trustanchor; /** identity, hostname is returned if "". */ char* identity; /** version, package version returned if "". */ @@ -321,6 +335,12 @@ struct config_file { struct config_str3list* acl_tag_datas; /** list of aclname, view*/ struct config_str2list* acl_view; + /** list of IP-netblock, tagbitlist */ + struct config_strbytelist* respip_tags; + /** list of response-driven access control entries, linked list */ + struct config_str2list* respip_actions; + /** RRs configured for response-driven access controls */ + struct config_str2list* respip_data; /** tag list, array with tagname[i] is malloced string */ char** tagname; /** number of items in the taglist */ @@ -422,6 +442,22 @@ struct config_file { /** minimise QNAME in strict mode, minimise according to RFC. * Do not apply fallback */ int qname_minimisation_strict; + /** SHM data - true if shm is enabled */ + int shm_enable; + /** SHM data - key for the shm */ + int shm_key; + + /** DNSCrypt */ + /** true to enable dnscrypt */ + int dnscrypt; + /** port on which to provide dnscrypt service */ + int dnscrypt_port; + /** provider name 2.dnscrypt-cert.example.com */ + char* dnscrypt_provider; + /** dnscrypt secret keys 1.key */ + struct config_strlist* dnscrypt_secret_key; + /** dnscrypt provider certs 1.cert */ + struct config_strlist* dnscrypt_provider_cert; }; /** from cfg username, after daemonise setup performed */ @@ -447,7 +483,7 @@ struct config_stub { int isprime; /** if forward-first is set (failover to without if fails) */ int isfirst; - /* use SSL for queries to this stub */ + /** use SSL for queries to this stub */ int ssl_upstream; }; @@ -468,6 +504,10 @@ struct config_view { /** Fallback to global local_zones when there is no match in the view * view specific tree. 1 for yes, 0 for no */ int isfirst; + /** predefined actions for particular IP address responses */ + struct config_str2list* respip_actions; + /** data complementing the 'redirect' response IP actions */ + struct config_str2list* respip_data; }; /** @@ -964,6 +1004,6 @@ void w_config_adjust_directory(struct config_file* cfg); #endif /* UB_ON_WINDOWS */ /** debug option for unit tests. */ -extern int fake_dsa; +extern int fake_dsa, fake_sha1; #endif /* UTIL_CONFIG_FILE_H */ diff --git a/util/configlexer.c b/util/configlexer.c index b48f92faefc2..0043165c2d2f 100644 --- a/util/configlexer.c +++ b/util/configlexer.c @@ -378,8 +378,8 @@ static void yy_fatal_error (yyconst char msg[] ); *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 203 -#define YY_END_OF_BUFFER 204 +#define YY_NUM_RULES 221 +#define YY_END_OF_BUFFER 222 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -387,228 +387,246 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static yyconst flex_int16_t yy_accept[1997] = +static yyconst flex_int16_t yy_accept[2165] = { 0, - 1, 1, 185, 185, 189, 189, 193, 193, 197, 197, - 1, 1, 204, 201, 1, 183, 183, 202, 2, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 202, - 185, 186, 186, 187, 202, 189, 190, 190, 191, 202, - 196, 193, 194, 194, 195, 202, 197, 198, 198, 199, - 202, 200, 184, 2, 188, 200, 202, 201, 0, 1, - 2, 2, 2, 2, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 185, 0, - 189, 0, 196, 0, 193, 197, 0, 200, 0, 2, - 2, 200, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - - 201, 201, 201, 201, 201, 201, 201, 201, 200, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 200, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 77, 201, 201, 201, 201, 201, 201, 8, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 88, 200, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 200, 201, 201, 201, 201, 201, 37, 201, - - 201, 201, 201, 201, 201, 201, 201, 201, 201, 159, - 201, 14, 15, 201, 18, 17, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 145, 201, 201, 201, 201, 201, 201, 201, - 201, 3, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - - 201, 201, 201, 201, 201, 200, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 192, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 40, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 41, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - - 201, 201, 201, 20, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 96, 201, 192, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 112, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 95, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - - 201, 201, 201, 75, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 25, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 38, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 39, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - - 28, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 174, 201, 201, 201, 201, - 201, 201, 201, 32, 201, 33, 201, 201, 201, 78, - 201, 79, 201, 201, 76, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 7, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 152, 201, 201, 201, - 201, 98, 201, 201, 201, 201, 201, 201, 201, 201, - - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 29, 201, 201, 201, - 201, 201, 201, 201, 128, 201, 127, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 16, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 42, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 81, 80, 201, 201, 201, - 201, 201, 201, 201, 201, 122, 201, 201, 201, 201, - 201, 201, 201, 201, 89, 201, 201, 201, 201, 201, - - 201, 201, 201, 201, 201, 201, 201, 201, 201, 60, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 64, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 36, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 125, - 126, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 6, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - - 201, 201, 201, 201, 201, 201, 26, 201, 201, 201, - 201, 201, 201, 201, 201, 118, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 138, 201, 119, 201, 201, - 150, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 27, 201, 201, 201, 201, 84, 201, 85, 201, - 83, 201, 201, 201, 201, 201, 201, 201, 94, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 173, 201, 201, 120, 201, 201, 201, 201, 201, 123, - 201, 149, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 74, 201, 201, 201, 201, - - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 34, 201, 201, 22, 201, 201, 201, 201, 19, - 201, 103, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 49, 51, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 160, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 86, 201, 201, 201, 201, 201, 201, 201, 93, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 97, 201, 201, 201, 201, 201, 201, 201, 201, - - 201, 201, 201, 201, 201, 144, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 111, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 107, 201, 113, 201, 201, 201, 201, 201, 92, 201, - 201, 70, 201, 136, 201, 201, 201, 201, 201, 151, - 201, 201, 201, 201, 201, 201, 201, 165, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 110, 201, 201, 201, 201, 201, 52, 53, 201, 201, - 201, 201, 201, 35, 59, 114, 201, 129, 201, 153, - 124, 201, 201, 45, 201, 116, 201, 201, 201, 201, - - 201, 9, 201, 201, 201, 73, 201, 201, 201, 201, - 178, 201, 135, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 99, 164, 201, 201, 201, 201, - 201, 201, 201, 201, 146, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 115, 201, 201, 44, 46, 201, - 201, 201, 201, 201, 201, 201, 72, 201, 201, 201, - 201, 176, 201, 201, 201, 201, 140, 23, 24, 201, - - 201, 201, 201, 201, 201, 201, 201, 69, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 142, 139, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 43, 201, 201, 201, 201, 201, 201, 201, 201, - 13, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 12, 201, 201, 21, 201, 201, - 201, 182, 201, 47, 201, 148, 141, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 106, - 105, 201, 201, 201, 201, 143, 137, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - - 201, 201, 201, 201, 201, 201, 201, 54, 201, 201, - 201, 177, 201, 201, 147, 201, 201, 201, 201, 201, - 201, 201, 201, 48, 201, 201, 82, 201, 100, 102, - 130, 201, 201, 201, 104, 201, 201, 154, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 161, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 131, 201, 201, 175, 201, 201, 30, 201, - 201, 201, 201, 4, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 157, 201, 201, 201, 201, - 201, 201, 201, 201, 163, 201, 201, 134, 201, 201, - - 201, 201, 201, 201, 201, 201, 57, 201, 31, 181, - 158, 201, 11, 201, 201, 201, 201, 201, 201, 132, - 61, 201, 201, 201, 109, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 162, 90, 201, 87, 201, - 201, 201, 63, 67, 62, 201, 55, 201, 10, 201, - 201, 201, 179, 201, 201, 108, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 68, - 66, 201, 56, 201, 121, 201, 201, 133, 201, 201, - 201, 201, 101, 50, 201, 201, 201, 201, 201, 201, - 201, 91, 65, 58, 201, 180, 201, 201, 201, 156, - - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 71, - 201, 155, 172, 201, 201, 201, 201, 201, 201, 5, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 117, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 168, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 166, 201, 169, 170, 201, 201, - 201, 201, 201, 167, 171, 0 - + 1, 1, 203, 203, 207, 207, 211, 211, 215, 215, + 1, 1, 222, 219, 1, 201, 201, 220, 2, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 220, + 203, 204, 204, 205, 220, 207, 208, 208, 209, 220, + 214, 211, 212, 212, 213, 220, 215, 216, 216, 217, + 220, 218, 202, 2, 206, 218, 220, 219, 0, 1, + 2, 2, 2, 2, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 203, 0, 207, 0, 214, 0, 211, 215, 0, 218, + 0, 2, 2, 218, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 218, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + + 218, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 77, 219, 219, 219, + 219, 219, 219, 8, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + + 219, 219, 219, 219, 88, 218, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 218, + 219, 219, 219, 219, 219, 37, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 168, 219, + 14, 15, 219, 18, 17, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 154, 219, 219, 219, 219, 219, + + 219, 219, 219, 219, 219, 3, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 218, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 210, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + + 219, 219, 219, 219, 40, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 41, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 143, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 20, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 102, 219, 210, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 195, 219, 219, 219, 219, 219, 219, 219, 219, + + 219, 219, 219, 118, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 101, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 75, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 25, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 38, 219, 219, 219, 219, 219, 219, 219, + + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 39, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 119, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 28, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 183, 219, 219, 219, + + 219, 219, 219, 219, 219, 219, 219, 32, 219, 33, + 219, 219, 219, 78, 219, 79, 219, 219, 76, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 7, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 161, 219, 219, 219, 219, 104, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 29, 219, 219, 219, + + 219, 219, 219, 219, 135, 219, 134, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 16, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 42, 219, 219, + 219, 219, 219, 219, 142, 219, 219, 219, 219, 81, + 80, 219, 219, 219, 219, 219, 219, 219, 219, 129, + 219, 219, 219, 219, 219, 219, 219, 219, 89, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 60, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 64, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 36, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 132, + 133, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 6, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 193, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 26, 219, 219, 219, 219, 219, 219, 219, 219, 125, + + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 147, 219, 126, 219, 219, 159, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 27, 219, 219, 219, 219, 84, 219, 85, 219, 83, + 219, 219, 219, 219, 219, 219, 219, 219, 99, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 182, 219, 219, 127, 219, 219, 219, 219, 219, 130, + 219, 219, 158, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 74, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + + 219, 219, 219, 219, 219, 34, 219, 219, 22, 219, + 219, 219, 219, 19, 219, 109, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 49, 51, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 197, 219, 219, 169, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 86, 219, 219, 219, 219, 219, 219, 219, 98, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 103, 219, 219, 219, 219, 219, 219, 219, + + 219, 219, 219, 219, 219, 219, 153, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 117, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 113, 219, 120, 219, 219, 219, + 219, 219, 92, 219, 219, 70, 219, 219, 219, 145, + 219, 219, 219, 219, 219, 160, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 174, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 116, 219, 219, 219, 219, 219, 52, 53, 219, 219, + 219, 219, 219, 35, 59, 121, 219, 136, 219, 162, + + 131, 219, 219, 219, 45, 219, 123, 219, 219, 219, + 219, 219, 9, 219, 219, 219, 73, 219, 219, 219, + 219, 187, 219, 144, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 105, 196, 219, 219, 173, 219, 219, 219, 219, 219, + 219, 219, 219, 155, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 122, 219, 219, 219, 44, 46, + + 219, 219, 219, 219, 219, 219, 219, 72, 219, 219, + 219, 219, 185, 219, 192, 219, 219, 219, 219, 219, + 149, 23, 24, 219, 219, 219, 219, 219, 219, 219, + 219, 69, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 151, 148, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 43, + 219, 219, 219, 219, 219, 219, 219, 219, 100, 13, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 12, 219, 219, 21, 219, 219, + 219, 191, 219, 194, 47, 219, 157, 219, 150, 219, + + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 112, 111, 219, 219, 219, 219, 219, 219, 152, + 146, 219, 219, 198, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 54, 219, 219, 219, 186, 219, + 219, 219, 156, 219, 219, 219, 219, 219, 219, 219, + 219, 48, 219, 219, 219, 82, 219, 106, 108, 137, + 219, 219, 219, 110, 219, 219, 163, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 170, 219, 219, 219, 219, 219, 219, 219, 219, + + 219, 219, 219, 219, 219, 138, 219, 219, 184, 219, + 219, 219, 30, 219, 219, 219, 219, 4, 219, 219, + 93, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 166, 219, 219, 219, 219, 219, 219, 199, 219, 219, + 219, 219, 219, 172, 219, 219, 141, 219, 219, 219, + 219, 219, 219, 219, 219, 57, 219, 31, 190, 167, + 219, 219, 11, 219, 219, 219, 219, 219, 219, 139, + 61, 219, 219, 219, 115, 219, 219, 219, 219, 219, + 95, 219, 219, 219, 219, 219, 219, 219, 171, 90, + 219, 87, 219, 219, 219, 63, 67, 62, 219, 55, + + 219, 219, 10, 219, 219, 219, 188, 219, 219, 114, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 68, 66, 219, 56, 219, + 219, 219, 128, 219, 219, 140, 219, 219, 219, 219, + 107, 50, 219, 219, 200, 219, 219, 219, 219, 219, + 219, 91, 65, 96, 97, 58, 219, 189, 219, 219, + 219, 165, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 71, 219, 164, 219, 181, 219, 219, + 219, 219, 219, 219, 5, 219, 219, 219, 219, 219, + + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 94, 219, 219, 219, 219, 219, 219, 124, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 177, 219, + 219, 219, 219, 219, 219, 219, 219, 219, 219, 219, + 219, 219, 175, 219, 178, 179, 219, 219, 219, 219, + 219, 176, 180, 0 } ; static yyconst YY_CHAR yy_ec[256] = @@ -617,16 +635,16 @@ static yyconst YY_CHAR yy_ec[256] = 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 5, 6, 1, 1, 1, 7, 1, - 1, 1, 1, 1, 8, 1, 1, 1, 1, 1, - 9, 10, 1, 11, 1, 1, 1, 12, 1, 1, - 1, 1, 1, 1, 13, 14, 15, 16, 17, 18, - 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, - 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 1, 39, 1, 1, 1, 1, 40, 41, 42, 43, - - 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, - 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, - 64, 65, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 8, 1, 1, 1, 9, 1, + 10, 11, 1, 12, 1, 1, 1, 13, 1, 1, + 1, 1, 1, 1, 14, 15, 16, 17, 18, 19, + 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, + 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, + 1, 40, 1, 1, 1, 1, 41, 42, 43, 44, + + 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, + 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -643,1110 +661,1198 @@ static yyconst YY_CHAR yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst YY_CHAR yy_meta[66] = +static yyconst YY_CHAR yy_meta[67] = { 0, 1, 2, 3, 4, 5, 1, 6, 1, 1, 1, - 1, 7, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 7, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 + 1, 1, 1, 1, 1, 1 } ; -static yyconst flex_uint16_t yy_base[2011] = +static yyconst flex_uint16_t yy_base[2179] = { 0, - 0, 0, 63, 66, 69, 71, 77, 83, 88, 91, - 129, 135, 354, 275, 95, 5728, 5728, 5728, 107, 110, - 142, 180, 108, 145, 152, 186, 50, 149, 121, 182, - 210, 177, 254, 137, 225, 229, 205, 227, 273, 116, - 271, 5728, 5728, 5728, 94, 268, 5728, 5728, 5728, 96, - 261, 295, 5728, 5728, 5728, 299, 256, 5728, 5728, 5728, - 102, 250, 5728, 318, 5728, 141, 322, 228, 326, 111, - 0, 330, 0, 0, 257, 235, 277, 324, 310, 266, - 323, 314, 125, 312, 348, 322, 326, 341, 320, 351, - 339, 359, 357, 374, 209, 362, 378, 392, 358, 373, - - 386, 404, 389, 405, 410, 398, 379, 424, 409, 435, - 414, 432, 422, 430, 431, 429, 445, 218, 441, 464, - 456, 450, 455, 477, 481, 472, 460, 483, 224, 174, - 220, 150, 172, 524, 206, 159, 272, 122, 528, 536, - 0, 495, 519, 307, 515, 525, 513, 520, 514, 528, - 542, 539, 547, 468, 557, 601, 552, 546, 540, 549, - 559, 564, 580, 573, 574, 581, 572, 592, 598, 625, - 586, 611, 602, 633, 640, 639, 632, 623, 651, 650, - 660, 661, 656, 649, 658, 654, 659, 653, 671, 680, - 689, 669, 677, 690, 678, 691, 703, 688, 711, 705, - - 707, 704, 702, 718, 729, 730, 740, 721, 716, 733, - 741, 737, 746, 757, 739, 743, 748, 750, 738, 769, - 778, 781, 454, 786, 790, 767, 777, 794, 789, 802, - 799, 798, 804, 800, 810, 806, 803, 814, 813, 809, - 842, 841, 827, 831, 828, 847, 833, 840, 857, 853, - 854, 868, 855, 869, 874, 880, 895, 509, 873, 882, - 879, 896, 901, 889, 903, 917, 912, 906, 919, 914, - 924, 916, 935, 944, 928, 954, 941, 952, 951, 959, - 937, 967, 971, 984, 974, 1029, 977, 981, 993, 989, - 994, 991, 1002, 964, 1000, 1008, 1009, 1020, 1011, 969, - - 1019, 1030, 1040, 1038, 1046, 1055, 551, 1056, 1047, 1061, - 1064, 1082, 1075, 1081, 1068, 1066, 1088, 1087, 1089, 1095, - 1091, 1065, 1098, 1111, 1116, 1123, 1109, 1130, 1127, 1121, - 1138, 1137, 1136, 1114, 1144, 1133, 1141, 1147, 1169, 1167, - 1152, 1174, 5728, 1176, 1160, 1178, 1179, 1162, 1171, 5728, - 1194, 1164, 1193, 1189, 1208, 1213, 1211, 1196, 1229, 1200, - 1203, 1227, 1221, 1223, 1210, 1233, 1279, 1237, 1240, 1245, - 1270, 1262, 1249, 1272, 1256, 1276, 1267, 1289, 1296, 1291, - 1293, 1308, 1312, 1300, 1302, 1318, 5728, 1322, 1266, 1329, - 1316, 1320, 1323, 1243, 1340, 1358, 1343, 1354, 1344, 1360, - - 1361, 1347, 1373, 1349, 1372, 1375, 1381, 1378, 1380, 1387, - 1374, 1389, 1377, 1393, 1402, 1399, 1401, 1390, 1413, 1407, - 1404, 1424, 1417, 1414, 1420, 1441, 1443, 1439, 1423, 1416, - 1452, 1445, 1451, 1459, 1442, 1447, 1462, 1461, 1469, 1465, - 1478, 1487, 1492, 1488, 1479, 1485, 1504, 1496, 1506, 1500, - 1502, 1513, 1505, 1508, 1514, 1516, 1533, 1532, 1542, 1544, - 1520, 1547, 1535, 1538, 1531, 1534, 1563, 1548, 1555, 1561, - 1566, 1571, 1572, 1568, 1573, 1588, 1597, 1580, 1598, 1593, - 1577, 1595, 1604, 1600, 1610, 1616, 1624, 1615, 1619, 1625, - 1627, 1630, 1635, 1642, 1643, 1628, 1662, 1650, 5728, 1654, - - 1638, 1660, 1661, 1657, 1682, 1672, 1665, 1668, 1716, 5728, - 1681, 5728, 5728, 1686, 5728, 5728, 1670, 1699, 1700, 1713, - 1715, 1765, 1707, 1706, 1692, 1719, 1718, 1729, 1746, 1743, - 1752, 1732, 1751, 1755, 1759, 1763, 1749, 1771, 1770, 1792, - 1802, 1786, 1793, 1787, 1794, 1804, 1808, 1816, 1819, 1814, - 1818, 1815, 1829, 1820, 1821, 1832, 1830, 1825, 1831, 1846, - 1859, 1841, 5728, 1852, 1853, 1866, 1856, 1871, 1848, 1850, - 1881, 5728, 1864, 1873, 1882, 1875, 1888, 1886, 1898, 1890, - 1896, 1897, 1909, 1908, 1912, 1921, 1904, 1922, 1924, 1932, - 1933, 1936, 1925, 1946, 1945, 1934, 1956, 1960, 1959, 1952, - - 1951, 1972, 1954, 1975, 1976, 1980, 1973, 1986, 1977, 1968, - 1984, 1985, 2030, 2009, 2016, 2003, 1997, 2023, 2011, 2029, - 2017, 2028, 2036, 2037, 2060, 2054, 2056, 2050, 2058, 2068, - 2080, 2082, 2109, 2077, 2079, 2086, 2081, 2095, 2098, 2097, - 2104, 2102, 2112, 2122, 5728, 2092, 2111, 2124, 2120, 2138, - 2141, 2131, 2145, 2147, 2136, 2148, 2140, 2161, 2144, 2155, - 2158, 2167, 2171, 2165, 5728, 2168, 2172, 2174, 2192, 2195, - 2199, 2193, 2205, 2212, 2196, 5728, 2194, 2215, 2224, 2227, - 2220, 2218, 2226, 2223, 2232, 2219, 2233, 2239, 2251, 2242, - 2247, 2252, 2264, 2268, 2254, 2270, 2262, 2265, 2266, 2269, - - 2291, 2283, 2289, 5728, 2285, 2295, 2290, 2293, 2306, 2310, - 2299, 2318, 2308, 2300, 2315, 2312, 106, 2313, 2325, 2317, - 2322, 5728, 2335, 90, 2339, 2328, 2337, 2342, 2352, 2355, - 2362, 2345, 2351, 2363, 2356, 2358, 2366, 2361, 2372, 2375, - 2382, 2379, 2395, 2385, 2406, 2403, 2404, 2399, 2412, 2392, - 2416, 2409, 2402, 2422, 2426, 5728, 2440, 2437, 2432, 2431, - 2436, 2448, 2449, 2438, 2435, 2442, 2462, 2464, 2465, 2471, - 5728, 2470, 2467, 2478, 2473, 2491, 2487, 2515, 2482, 2476, - 2489, 2503, 2497, 2512, 2523, 2524, 2517, 2518, 2528, 2529, - 2531, 2526, 2536, 2543, 2520, 2540, 2544, 2559, 2542, 2583, - - 2577, 176, 2555, 5728, 2571, 2573, 2562, 2581, 2585, 2582, - 2560, 2586, 2600, 2602, 2598, 2593, 2595, 2617, 2631, 5728, - 2630, 2629, 2620, 2635, 2622, 2636, 2641, 2627, 2637, 2645, - 2647, 2643, 2650, 2666, 2653, 2670, 2674, 2672, 5728, 2547, - 2657, 2678, 2690, 2679, 2668, 2680, 2689, 2682, 2684, 2673, - 2694, 2699, 2700, 2710, 2706, 2727, 2705, 2709, 2712, 2733, - 2735, 2718, 2737, 5728, 2729, 2763, 2744, 2750, 2764, 2756, - 2747, 2768, 2762, 2757, 2752, 2769, 2777, 2774, 2761, 2790, - 2780, 2783, 2799, 2801, 2791, 2797, 2803, 2808, 2809, 2818, - 2814, 2825, 2829, 2821, 2810, 2841, 2824, 2851, 2852, 2854, - - 5728, 2857, 2856, 2858, 2845, 2859, 2848, 2847, 2869, 2892, - 2850, 2876, 2879, 2880, 2874, 2883, 2903, 2908, 2886, 2893, - 2896, 2897, 2904, 2890, 2906, 2913, 2925, 2922, 2937, 2939, - 2942, 2938, 2941, 2940, 2956, 5728, 2927, 2957, 2954, 2966, - 2945, 2967, 2964, 5728, 2961, 5728, 2971, 2981, 2996, 5728, - 2995, 5728, 2999, 2984, 5728, 2998, 3003, 2990, 2985, 2993, - 3008, 3006, 3015, 3012, 3009, 3017, 2997, 3027, 3037, 3028, - 3044, 5728, 3050, 3033, 3039, 3056, 3054, 3042, 3043, 3052, - 3055, 3065, 3068, 3076, 3071, 3089, 5728, 3079, 3087, 3077, - 3095, 5728, 3081, 3098, 3085, 3090, 3124, 3111, 3104, 3112, - - 3108, 3116, 3126, 3119, 3132, 3131, 3125, 3135, 3123, 3140, - 3138, 3143, 3156, 3147, 3158, 3146, 3157, 3159, 3167, 3168, - 3162, 3182, 3172, 3176, 3173, 3184, 5728, 3197, 3190, 3193, - 3186, 3208, 3209, 3200, 5728, 3211, 5728, 3214, 3222, 3229, - 3227, 3228, 3224, 3225, 3243, 3238, 3237, 3248, 3259, 3249, - 3255, 3245, 3257, 3264, 3266, 5728, 3254, 3265, 3284, 3272, - 3291, 3282, 3293, 3292, 3295, 5728, 3306, 3298, 3312, 3307, - 3318, 3303, 3330, 3319, 3333, 5728, 5728, 3310, 3339, 3325, - 3331, 3334, 3345, 3346, 3337, 5728, 3348, 3350, 3363, 3366, - 3373, 3374, 3359, 3358, 5728, 3369, 3383, 3377, 3380, 3376, - - 3390, 3393, 3396, 3397, 3395, 3410, 3399, 3418, 3419, 5728, - 3420, 3422, 3427, 3423, 3428, 3429, 3430, 3417, 3436, 3444, - 3447, 3446, 3451, 3468, 3449, 3456, 3452, 3477, 3462, 3481, - 3463, 3485, 3483, 3490, 3488, 5728, 3496, 3480, 3500, 3476, - 3505, 3512, 3504, 3507, 3502, 3510, 3528, 3515, 5728, 3545, - 3524, 3523, 3506, 3532, 3542, 3534, 3541, 3551, 3556, 5728, - 5728, 3555, 3560, 3559, 3566, 3567, 3562, 3579, 3569, 3581, - 5728, 3572, 3540, 3578, 3585, 3606, 3613, 3584, 3605, 3607, - 3594, 3599, 3608, 3624, 3611, 3604, 3622, 3621, 3625, 3631, - 3635, 3647, 3633, 3628, 3648, 3661, 3649, 3651, 3652, 3671, - - 3668, 3681, 3686, 3657, 3673, 3691, 5728, 3677, 3690, 3684, - 3676, 3697, 3680, 3709, 3703, 5728, 3711, 3705, 3719, 3720, - 3707, 3716, 3721, 3725, 3728, 5728, 3730, 5728, 3736, 3732, - 5728, 3733, 3740, 3741, 3742, 3738, 3754, 3766, 3769, 3779, - 3762, 5728, 3783, 3759, 3771, 3778, 5728, 3782, 5728, 3775, - 5728, 3793, 3785, 3789, 3796, 3814, 3790, 3794, 5728, 3817, - 3805, 3826, 3819, 3809, 3821, 3822, 3831, 3811, 3832, 3844, - 5728, 3842, 3845, 5728, 3851, 3864, 3849, 3868, 3872, 5728, - 3871, 5728, 3861, 3881, 3858, 3877, 3885, 3891, 3892, 3883, - 3893, 3890, 3898, 3902, 3908, 5728, 3907, 3917, 3905, 3920, - - 3912, 3918, 3937, 3936, 3944, 3910, 3943, 3948, 3951, 3947, - 3945, 5728, 3954, 3961, 5728, 3949, 3940, 3967, 3953, 5728, - 3984, 5728, 3986, 3976, 3970, 3989, 3999, 3993, 4000, 3982, - 4003, 4005, 4008, 4040, 3996, 4018, 5728, 5728, 4006, 4015, - 4014, 4042, 4027, 4026, 4019, 4045, 4047, 5728, 4030, 4051, - 4035, 4034, 4054, 4046, 4036, 4060, 4071, 4053, 4079, 4062, - 4073, 5728, 4074, 4067, 4072, 4078, 4082, 4095, 4083, 5728, - 4108, 4109, 4100, 4102, 4101, 4117, 4121, 4125, 4111, 4119, - 4136, 4138, 4133, 4142, 4149, 4135, 4151, 4139, 4155, 4156, - 4148, 5728, 4153, 4161, 4152, 4168, 4169, 4164, 4183, 4188, - - 4172, 4173, 4175, 4174, 4203, 5728, 4185, 4184, 4191, 4217, - 4208, 4209, 4222, 4197, 4224, 4218, 5728, 4214, 4232, 4213, - 4216, 4236, 4234, 4241, 4243, 4233, 4253, 4260, 4251, 4263, - 5728, 4252, 5728, 4266, 4270, 4280, 4282, 4284, 5728, 4273, - 4286, 5728, 4269, 5728, 4289, 4298, 4285, 4302, 4317, 5728, - 4320, 4307, 4322, 4312, 4313, 4309, 4325, 5728, 4331, 4334, - 4338, 4340, 4336, 4339, 4343, 4342, 4348, 4355, 4347, 4365, - 5728, 4361, 4373, 4380, 4381, 4383, 5728, 5728, 4376, 4392, - 4388, 4353, 4395, 5728, 5728, 5728, 4394, 5728, 4384, 5728, - 5728, 4404, 4397, 5728, 4399, 5728, 4405, 4412, 4398, 4406, - - 4422, 5728, 4411, 4423, 4434, 5728, 4433, 4441, 4425, 4429, - 5728, 4445, 5728, 4446, 4456, 4439, 4454, 4447, 4448, 4463, - 4452, 4449, 4476, 4470, 4472, 4475, 4483, 4469, 4465, 4486, - 4474, 4478, 4480, 4494, 4492, 4507, 4503, 4499, 4501, 4519, - 4526, 4529, 4532, 4535, 5728, 5728, 4520, 4525, 4515, 4521, - 4545, 4546, 4542, 4548, 5728, 4538, 4552, 4553, 4550, 4559, - 4564, 4565, 4562, 4575, 4585, 4599, 4572, 4581, 4584, 4592, - 4580, 4586, 4609, 4602, 5728, 4607, 4601, 5728, 5728, 4595, - 4622, 4618, 4617, 4619, 4635, 4634, 5728, 4624, 4636, 4648, - 4641, 5728, 4650, 4651, 4653, 4655, 5728, 5728, 5728, 4656, - - 4647, 4645, 4662, 4668, 4674, 4667, 4680, 5728, 4672, 4685, - 4697, 4676, 4692, 4693, 4698, 4699, 4712, 4706, 4709, 4710, - 5728, 5728, 4703, 4725, 4718, 4723, 4726, 4719, 4732, 4736, - 4715, 5728, 4744, 4743, 4733, 4745, 4755, 4756, 4768, 4757, - 5728, 4754, 4759, 4761, 4776, 4770, 4778, 4775, 4777, 4782, - 4794, 4799, 4800, 4805, 5728, 4802, 4806, 5728, 4809, 4804, - 4797, 5728, 4814, 5728, 4820, 5728, 5728, 4803, 4821, 4834, - 4840, 4844, 4851, 4852, 4835, 4841, 4858, 4856, 4859, 5728, - 5728, 4864, 4842, 4860, 4861, 5728, 5728, 4867, 4857, 4868, - 4871, 4876, 4883, 4877, 4886, 4898, 4888, 4908, 4910, 4913, - - 4901, 4915, 4892, 4895, 4918, 4923, 4926, 5728, 4881, 4928, - 4933, 5728, 4929, 4925, 5728, 4941, 4949, 4957, 4953, 4948, - 4969, 4954, 4955, 5728, 4965, 4960, 5728, 4952, 5728, 5728, - 5728, 4966, 4982, 4976, 5728, 4990, 4996, 5728, 5002, 4998, - 4986, 5009, 4987, 5010, 4993, 5020, 4994, 5018, 5728, 5012, - 5013, 5026, 5017, 5037, 5023, 5027, 5029, 5044, 5046, 5034, - 5049, 5047, 5728, 5062, 5063, 5728, 5065, 5064, 5728, 5067, - 5057, 5058, 5053, 5728, 5082, 5074, 5073, 5086, 5097, 5079, - 5090, 5085, 5103, 5104, 5110, 5728, 5106, 5094, 5113, 5115, - 5100, 5127, 5131, 5126, 5728, 5128, 5117, 5728, 5135, 5134, - - 5137, 5145, 5152, 5156, 5157, 5154, 5728, 5160, 5728, 5728, - 5728, 5164, 5728, 5167, 5155, 5153, 5161, 5168, 5166, 5728, - 5728, 5177, 5174, 5184, 5728, 5179, 5182, 5198, 5178, 5200, - 5192, 5191, 5196, 5194, 5217, 5728, 5728, 5204, 5728, 5220, - 5228, 5229, 5728, 5728, 5728, 5232, 5728, 5234, 5728, 5236, - 5221, 5231, 5728, 5243, 5235, 5728, 5246, 5244, 5251, 5254, - 5257, 5262, 5249, 5260, 5261, 5263, 5278, 5266, 5269, 5728, - 5728, 5286, 5728, 5292, 5728, 5288, 5298, 5728, 5287, 5302, - 5289, 5300, 5728, 5728, 5305, 5310, 5293, 5306, 5309, 5321, - 5324, 5728, 5728, 5728, 5314, 5728, 5318, 5323, 5332, 5728, - - 5331, 5334, 5333, 5335, 5338, 5350, 5341, 5337, 5363, 5362, - 5372, 5376, 5373, 5377, 5360, 5379, 5390, 5374, 5391, 5728, - 5380, 5728, 5728, 5389, 5396, 5397, 5399, 5398, 5400, 5728, - 5406, 5409, 5416, 5417, 5412, 5405, 5436, 5415, 5444, 5443, - 5446, 5447, 5435, 5453, 5450, 5457, 5440, 5463, 5469, 5466, - 5470, 5728, 5471, 5468, 5473, 5475, 5493, 5484, 5480, 5500, - 5503, 5508, 5498, 5510, 5506, 5511, 5515, 5517, 5519, 5520, - 5728, 5538, 5545, 5533, 5534, 5540, 5535, 5555, 5556, 5548, - 5551, 5559, 5564, 5562, 5728, 5566, 5728, 5728, 5568, 5575, - 5578, 5576, 5587, 5728, 5728, 5728, 5636, 5643, 5650, 5657, - - 5664, 82, 5671, 5678, 5685, 5692, 5699, 5706, 5713, 5720 + 0, 0, 64, 67, 70, 72, 78, 84, 89, 92, + 131, 137, 473, 390, 96, 6214, 6214, 6214, 109, 111, + 142, 180, 86, 133, 138, 172, 50, 151, 91, 181, + 197, 124, 241, 187, 225, 289, 233, 228, 253, 307, + 385, 6214, 6214, 6214, 95, 362, 6214, 6214, 6214, 102, + 331, 364, 6214, 6214, 6214, 311, 317, 6214, 6214, 6214, + 116, 245, 6214, 321, 6214, 265, 328, 221, 334, 160, + 0, 338, 0, 0, 141, 206, 184, 330, 322, 255, + 323, 335, 324, 222, 268, 350, 325, 334, 344, 357, + 358, 352, 367, 364, 389, 160, 361, 388, 394, 214, + + 373, 400, 391, 383, 399, 416, 410, 414, 407, 421, + 437, 424, 448, 425, 434, 178, 431, 464, 441, 460, + 458, 462, 461, 468, 263, 490, 488, 487, 476, 491, + 212, 171, 170, 241, 164, 533, 146, 85, 284, 77, + 539, 543, 0, 509, 511, 534, 526, 536, 523, 530, + 546, 527, 539, 554, 553, 559, 557, 580, 624, 561, + 571, 572, 586, 569, 589, 597, 581, 579, 619, 585, + 609, 610, 646, 612, 627, 570, 622, 661, 630, 626, + 642, 653, 670, 673, 681, 671, 669, 677, 665, 680, + 662, 679, 688, 690, 703, 700, 699, 715, 717, 702, + + 704, 714, 708, 729, 723, 727, 728, 738, 741, 735, + 763, 742, 764, 744, 758, 755, 765, 745, 772, 769, + 760, 784, 761, 789, 778, 782, 792, 810, 813, 578, + 797, 816, 819, 802, 806, 823, 824, 822, 832, 838, + 837, 834, 849, 841, 836, 839, 846, 847, 868, 872, + 853, 866, 859, 881, 873, 876, 883, 886, 878, 902, + 897, 904, 899, 909, 938, 359, 924, 915, 928, 936, + 944, 901, 951, 949, 942, 955, 946, 917, 959, 966, + 961, 971, 970, 984, 987, 977, 994, 996, 999, 998, + 1007, 980, 997, 1017, 1026, 1019, 1071, 1021, 1032, 1043, + + 1030, 1035, 1034, 1044, 1040, 1042, 1055, 1057, 1078, 1084, + 1079, 1100, 1076, 1095, 1101, 1102, 1099, 1092, 1104, 1134, + 1098, 1114, 1121, 1125, 1136, 1140, 1143, 1128, 1142, 1159, + 1149, 1145, 1171, 1151, 1164, 1161, 1174, 1186, 1187, 1173, + 1183, 1189, 1039, 1195, 1202, 1199, 1191, 1200, 1206, 1213, + 1216, 1220, 1230, 1229, 1214, 1236, 6214, 1243, 1227, 1238, + 1240, 1233, 1247, 6214, 1261, 1257, 1255, 1209, 1263, 1273, + 1271, 1260, 1288, 1286, 1296, 1280, 1292, 1295, 1282, 1298, + 1305, 1306, 1310, 1308, 1354, 1316, 1312, 1318, 1345, 1339, + 1329, 1265, 1332, 1347, 1337, 1356, 1363, 1366, 1364, 1383, + + 1387, 1375, 1377, 1393, 6214, 1397, 1376, 1404, 1283, 1395, + 1390, 979, 1411, 1406, 1414, 1415, 1426, 1417, 1425, 1431, + 1420, 1421, 1451, 1442, 1440, 1449, 1465, 1450, 1462, 1470, + 1447, 1466, 1453, 1467, 1469, 1484, 1477, 1483, 1480, 1486, + 1488, 1482, 1476, 1513, 1500, 1504, 1502, 1514, 1517, 1509, + 1529, 1526, 1527, 1533, 1534, 1546, 1542, 1550, 1560, 1561, + 1552, 1555, 1547, 1566, 1573, 1577, 1578, 1557, 1582, 1586, + 1584, 1603, 1588, 1601, 1617, 1595, 1607, 1619, 1602, 1615, + 1622, 1614, 1627, 1636, 1637, 1618, 1648, 1639, 1653, 1642, + 1644, 1649, 1652, 1657, 1647, 1663, 1673, 1667, 1666, 1697, + + 1677, 1679, 1700, 1699, 1704, 1702, 1693, 1692, 1708, 1705, + 1717, 1726, 1732, 1735, 1723, 1736, 1738, 1731, 1742, 1749, + 1752, 1753, 1725, 1774, 1762, 6214, 1758, 1761, 1766, 1787, + 1778, 1776, 1792, 1788, 1779, 1782, 1800, 1843, 6214, 1784, + 6214, 6214, 1795, 6214, 6214, 1822, 1802, 1826, 1815, 1832, + 1805, 1892, 1836, 1819, 1827, 1839, 1847, 1844, 1849, 1860, + 1858, 1879, 1876, 1875, 1885, 1895, 1874, 1906, 1889, 1908, + 1907, 1913, 1903, 1929, 1921, 1920, 1923, 1944, 1941, 1842, + 1934, 1948, 1947, 1949, 1950, 1942, 1959, 1955, 1969, 1963, + 1956, 1971, 1954, 1974, 6214, 1985, 1986, 1996, 1992, 1989, + + 2001, 1990, 1991, 1980, 2022, 6214, 2007, 2008, 2016, 2034, + 2017, 2020, 2019, 2028, 2036, 2046, 2024, 2035, 2044, 2047, + 2043, 2052, 2056, 2062, 2064, 2081, 2092, 2084, 2071, 2083, + 2089, 2072, 2096, 2101, 2099, 2086, 2087, 2106, 2098, 2107, + 2114, 2112, 2120, 2133, 2117, 2116, 2124, 2122, 2125, 2171, + 2156, 2144, 2139, 2143, 2173, 2163, 2167, 2175, 2158, 2179, + 2184, 2181, 2207, 2186, 2183, 2200, 2203, 2219, 2231, 2228, + 75, 2258, 2223, 2224, 2226, 2230, 2244, 2233, 2246, 2247, + 2249, 2251, 2236, 2271, 6214, 2252, 2279, 2273, 2267, 2288, + 2285, 2286, 2287, 2294, 2283, 2307, 2301, 2313, 2302, 2310, + + 2311, 2326, 2327, 2306, 6214, 2325, 2323, 2328, 2329, 2343, + 2352, 2354, 2351, 2340, 2366, 2361, 6214, 2349, 2377, 2379, + 2382, 2375, 2370, 2376, 2369, 2378, 2392, 2373, 2403, 2397, + 2406, 2409, 2415, 6214, 2393, 2407, 2422, 2429, 2430, 2419, + 2440, 2426, 2432, 2425, 2434, 2436, 2453, 2455, 6214, 2450, + 2459, 2454, 2457, 2478, 2480, 2461, 2474, 2483, 2471, 2477, + 2481, 291, 2482, 2485, 2492, 2472, 6214, 2495, 68, 2488, + 2498, 2496, 2531, 2533, 2525, 2532, 2537, 2521, 2522, 2539, + 2538, 2527, 2540, 2541, 2551, 2545, 2561, 2558, 2571, 2559, + 2589, 6214, 2554, 2582, 2583, 2585, 2588, 2566, 2586, 2596, + + 2573, 2602, 2606, 6214, 2620, 2623, 2615, 2616, 2611, 2621, + 2632, 2628, 2618, 2635, 2626, 2643, 2645, 2641, 2653, 2665, + 6214, 2651, 2655, 2667, 2657, 2676, 2678, 2691, 2666, 2683, + 2682, 2688, 2686, 2698, 2684, 2705, 2709, 2710, 2715, 2716, + 2722, 2708, 2718, 2724, 2717, 2712, 2743, 2745, 2747, 2749, + 2772, 2766, 153, 2751, 6214, 2756, 2758, 2750, 2755, 2771, + 2770, 2787, 2782, 2794, 2789, 2791, 2795, 2806, 2785, 2815, + 2807, 2811, 2825, 6214, 2832, 2822, 2817, 2839, 2821, 2840, + 2838, 2829, 2845, 2837, 2853, 2847, 2856, 2859, 2851, 2865, + 2866, 2862, 6214, 2881, 2884, 2885, 2886, 2882, 2876, 2883, + + 2897, 2879, 2887, 2878, 2909, 2905, 2896, 2903, 2906, 2911, + 2926, 2917, 2914, 2913, 2930, 2945, 2928, 2943, 6214, 2940, + 2965, 2941, 2953, 2949, 2956, 2964, 2977, 2967, 2978, 2980, + 2976, 2966, 2973, 2991, 2990, 2992, 2993, 6214, 2998, 2997, + 2970, 3011, 3007, 3012, 3016, 3014, 3025, 3028, 3039, 3029, + 3036, 3048, 3038, 3040, 3043, 3054, 3056, 3066, 3067, 3076, + 6214, 3069, 3074, 3070, 3071, 3080, 3073, 3063, 3113, 3115, + 3072, 3098, 3099, 3101, 3107, 3095, 3104, 3105, 3129, 3108, + 3114, 3124, 3130, 3125, 3132, 3131, 3135, 3134, 3155, 3165, + 3163, 3170, 3156, 3162, 3159, 3185, 6214, 3158, 3184, 3175, + + 3176, 3189, 3186, 3192, 3195, 3182, 3207, 6214, 3199, 6214, + 3216, 3222, 3229, 6214, 3225, 6214, 3228, 3214, 6214, 3232, + 3237, 3224, 3220, 3226, 3231, 3246, 3254, 3256, 3248, 3269, + 3249, 3263, 3273, 3259, 3275, 6214, 3279, 3264, 3285, 3283, + 3287, 3288, 3293, 3294, 3311, 3297, 3320, 3318, 3298, 3307, + 3333, 6214, 3315, 3331, 3332, 3330, 6214, 3328, 3338, 3340, + 3319, 3346, 3345, 3350, 3349, 3368, 3358, 3365, 3372, 3375, + 3357, 3384, 3388, 3389, 3373, 3385, 3383, 3398, 3400, 3399, + 3396, 3401, 3420, 3416, 3411, 3414, 3415, 3410, 3422, 3427, + 3431, 3445, 3430, 3432, 3441, 3443, 6214, 3453, 3440, 3468, + + 3454, 3458, 3466, 3467, 6214, 3484, 6214, 3449, 3486, 3488, + 3487, 3470, 3493, 3491, 3494, 3500, 3497, 3513, 3517, 3508, + 3512, 3510, 3511, 3514, 3526, 3531, 6214, 3520, 3530, 3550, + 3536, 3553, 3549, 3559, 3555, 3565, 3566, 6214, 3570, 3572, + 3573, 3579, 3576, 3582, 6214, 3575, 3578, 3585, 3604, 6214, + 6214, 3577, 3600, 3601, 3602, 3597, 3623, 3603, 3615, 6214, + 3621, 3612, 3622, 3631, 3639, 3640, 3628, 3629, 6214, 3642, + 3638, 3647, 3655, 3656, 3658, 3654, 3660, 3659, 3663, 3674, + 3671, 3651, 3688, 3676, 6214, 3689, 3684, 3696, 3687, 3703, + 3686, 3690, 3704, 3719, 3700, 3698, 3713, 3729, 3726, 3718, + + 3727, 3741, 3749, 3731, 3740, 3723, 3747, 3737, 3760, 3745, + 3763, 3767, 3778, 3774, 6214, 3783, 3762, 3786, 3770, 3779, + 3785, 3787, 3796, 3805, 3800, 3801, 3804, 3806, 6214, 3808, + 3802, 3809, 3811, 3813, 3833, 3822, 3828, 3836, 3825, 6214, + 6214, 3832, 3835, 3854, 3843, 3860, 3862, 3846, 3864, 3848, + 3863, 6214, 3873, 3881, 3866, 3875, 3885, 3889, 3888, 3890, + 3887, 3877, 3884, 3898, 3904, 3900, 3893, 3920, 3911, 3924, + 6214, 3913, 3914, 3916, 3938, 3927, 3930, 3936, 3956, 3949, + 3931, 3947, 3948, 3955, 3964, 3978, 3975, 3954, 3965, 3989, + 6214, 3973, 3982, 3981, 3962, 3995, 3974, 4002, 3991, 6214, + + 4007, 3997, 4006, 4011, 3999, 4020, 4015, 4012, 4022, 4018, + 6214, 4026, 6214, 4029, 4023, 6214, 4024, 4040, 4041, 4034, + 4055, 4057, 4044, 4056, 4048, 4050, 4068, 4071, 4078, 4067, + 6214, 4073, 4062, 4077, 4079, 6214, 4090, 6214, 4093, 6214, + 4087, 4083, 4116, 4101, 4120, 4117, 4122, 4115, 6214, 4124, + 4105, 4126, 4128, 4112, 4129, 4145, 4147, 4108, 4148, 4160, + 6214, 4142, 4150, 6214, 4168, 4138, 4153, 4176, 4175, 6214, + 4169, 4183, 6214, 4174, 4191, 4187, 4189, 4190, 4199, 4202, + 4193, 4203, 4227, 4219, 4212, 4220, 6214, 4214, 4218, 4235, + 4236, 4229, 4222, 4241, 4238, 4246, 4245, 4252, 4260, 4265, + + 4256, 4255, 4266, 4269, 4279, 6214, 4262, 4281, 6214, 4282, + 4270, 4280, 4283, 6214, 4294, 6214, 4296, 4297, 4289, 4306, + 4311, 4310, 4320, 4309, 4326, 4327, 4318, 4340, 4335, 4324, + 6214, 6214, 4334, 4348, 4341, 4352, 4355, 4353, 4342, 4369, + 4361, 4372, 4368, 6214, 4370, 4358, 6214, 4359, 4376, 4371, + 4387, 4386, 4388, 4393, 4389, 4400, 4392, 4405, 4396, 4398, + 6214, 4411, 4401, 4415, 4416, 4419, 4414, 4427, 6214, 4432, + 4445, 4449, 4437, 4441, 4443, 4457, 4460, 4461, 4454, 4465, + 4462, 4482, 4471, 4473, 4480, 4474, 4486, 4477, 4497, 4499, + 4488, 4484, 6214, 4501, 4508, 4498, 4510, 4496, 4513, 4509, + + 4515, 4527, 4526, 4523, 4528, 4532, 6214, 4529, 4525, 4536, + 4530, 4560, 4543, 4564, 4546, 4561, 4553, 4570, 4558, 4575, + 6214, 4557, 4576, 4565, 4573, 4578, 4596, 4602, 4594, 4603, + 4605, 4597, 4588, 4606, 6214, 4598, 6214, 4613, 4615, 4624, + 4626, 4628, 6214, 4629, 4637, 6214, 4640, 4604, 4645, 6214, + 4655, 4654, 4641, 4651, 4660, 6214, 4665, 4664, 4671, 4670, + 4662, 4673, 4668, 4679, 4675, 4682, 6214, 4695, 4701, 4705, + 4703, 4691, 4692, 4700, 4709, 4696, 4710, 4722, 4718, 4707, + 6214, 4717, 4741, 4734, 4739, 4748, 6214, 6214, 4740, 4752, + 4755, 4730, 4761, 6214, 6214, 6214, 4759, 6214, 4745, 6214, + + 6214, 4760, 4764, 4770, 6214, 4771, 6214, 4781, 4777, 4768, + 4772, 4788, 6214, 4782, 4790, 4800, 6214, 4797, 4808, 4789, + 4795, 6214, 4812, 6214, 4813, 4818, 4820, 4817, 4809, 4816, + 4821, 4831, 4832, 4838, 4837, 4824, 4853, 4843, 4844, 4848, + 4857, 4841, 4863, 4858, 4846, 4859, 4864, 4868, 4882, 4873, + 4884, 4880, 4875, 4885, 4900, 4905, 4909, 4878, 4913, 4915, + 6214, 6214, 4899, 4907, 6214, 4901, 4904, 4911, 4919, 4920, + 4930, 4934, 4953, 6214, 4951, 4946, 4940, 4956, 4944, 4947, + 4957, 4960, 4943, 4964, 4968, 4974, 4970, 4978, 4977, 4967, + 4980, 4986, 5003, 5007, 6214, 4989, 4990, 4992, 6214, 6214, + + 4994, 5015, 5012, 5013, 5004, 5024, 5025, 6214, 5017, 5039, + 5026, 5033, 6214, 5047, 6214, 5048, 5031, 5054, 5052, 5061, + 6214, 6214, 6214, 5062, 5042, 5055, 5056, 5066, 5067, 5059, + 5077, 6214, 5081, 5075, 5082, 5086, 5076, 5097, 5093, 5105, + 5111, 5112, 5114, 5103, 5116, 5119, 6214, 6214, 5108, 5131, + 5120, 5127, 5129, 5135, 5141, 5134, 5128, 5146, 5145, 6214, + 5156, 5148, 5147, 5158, 5155, 5160, 5178, 5161, 6214, 6214, + 5162, 5173, 5175, 5190, 5176, 5192, 5184, 5204, 5188, 5205, + 5139, 5210, 5206, 5208, 6214, 5203, 5211, 6214, 5219, 5202, + 5227, 6214, 5217, 6214, 6214, 5225, 6214, 5228, 6214, 5229, + + 5246, 5253, 5254, 5258, 5259, 5260, 5243, 5250, 5267, 5263, + 5262, 6214, 6214, 5272, 5255, 5265, 5270, 5275, 5279, 6214, + 6214, 5290, 5293, 6214, 5276, 5291, 5299, 5289, 5292, 5297, + 5313, 5302, 5306, 5318, 5324, 5329, 5331, 5326, 5338, 5327, + 5323, 5335, 5340, 5341, 6214, 5346, 5352, 5345, 6214, 5366, + 5370, 5368, 6214, 5362, 5378, 5379, 5372, 5369, 5391, 5385, + 5392, 6214, 5394, 5400, 5402, 6214, 5388, 6214, 6214, 6214, + 5411, 5419, 5408, 6214, 5418, 5429, 6214, 5422, 5415, 5412, + 5407, 5443, 5436, 5447, 5437, 5434, 5449, 5440, 5467, 5441, + 5465, 6214, 5450, 5456, 5472, 5460, 5474, 5475, 5464, 5470, + + 5482, 5481, 5477, 5488, 5487, 6214, 5495, 5510, 6214, 5512, + 5502, 5514, 6214, 5520, 5501, 5500, 5505, 6214, 5525, 5517, + 6214, 5513, 5534, 5536, 5530, 5542, 5539, 5538, 5540, 5555, + 6214, 5548, 5544, 5547, 5568, 5569, 5561, 6214, 5573, 5558, + 5585, 5575, 5584, 6214, 5589, 5571, 6214, 5594, 5596, 5583, + 5598, 5607, 5608, 5609, 5610, 6214, 5613, 6214, 6214, 6214, + 5600, 5617, 6214, 5614, 5612, 5611, 5620, 5632, 5628, 6214, + 6214, 5635, 5646, 5645, 6214, 5634, 5637, 5647, 5636, 5659, + 6214, 5658, 5649, 5653, 5651, 5670, 5662, 5663, 6214, 6214, + 5679, 6214, 5682, 5691, 5696, 6214, 6214, 6214, 5701, 6214, + + 5704, 5703, 6214, 5705, 5690, 5697, 6214, 5712, 5698, 6214, + 5702, 5710, 5715, 5721, 5722, 5718, 5731, 5741, 5725, 5729, + 5730, 5748, 5749, 5740, 5755, 6214, 6214, 5761, 6214, 5762, + 5764, 5765, 6214, 5757, 5769, 6214, 5758, 5771, 5768, 5773, + 6214, 6214, 5776, 5784, 6214, 5779, 5788, 5785, 5782, 5786, + 5789, 6214, 6214, 6214, 6214, 6214, 5815, 6214, 5803, 5799, + 5806, 6214, 5800, 5797, 5809, 5821, 5825, 5828, 5812, 5826, + 5831, 5838, 5845, 5856, 5858, 5857, 5855, 5861, 5848, 5847, + 5868, 5863, 5869, 6214, 5864, 6214, 5874, 6214, 5875, 5881, + 5885, 5883, 5886, 5884, 6214, 5891, 5910, 5888, 5896, 5904, + + 5901, 5911, 5922, 5906, 5929, 5934, 5937, 5940, 5941, 5931, + 5944, 5948, 6214, 5952, 5936, 5938, 5956, 5947, 5963, 6214, + 5965, 5961, 5962, 5972, 5977, 5982, 5975, 5990, 5995, 5993, + 5999, 5992, 6000, 6003, 6008, 5997, 6023, 6012, 6214, 6024, + 6027, 6017, 6021, 6033, 6022, 6026, 6046, 6052, 6050, 6062, + 6064, 6058, 6214, 6061, 6214, 6214, 6070, 6059, 6063, 6069, + 6071, 6214, 6214, 6214, 6122, 6129, 6136, 6143, 6150, 100, + 6157, 6164, 6171, 6178, 6185, 6192, 6199, 6206 } ; -static yyconst flex_int16_t yy_def[2011] = +static yyconst flex_int16_t yy_def[2179] = { 0, - 1996, 1, 1997, 1997, 1998, 1998, 1999, 1999, 2000, 2000, - 2001, 2001, 1996, 2002, 1996, 1996, 1996, 1996, 2003, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2004, 1996, 1996, 1996, 2004, 2005, 1996, 1996, 1996, 2005, - 2006, 1996, 1996, 1996, 1996, 2006, 2007, 1996, 1996, 1996, - 2007, 2008, 1996, 2009, 1996, 2008, 2008, 2002, 2002, 1996, - 2010, 2003, 2010, 2003, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2004, 2004, - 2005, 2005, 2006, 2006, 1996, 2007, 2007, 2008, 2008, 2009, - 2009, 2008, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2008, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2008, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 1996, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2008, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2008, 2002, 2002, 2002, 2002, 2002, 1996, 2002, - - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, - 2002, 1996, 1996, 2002, 1996, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 2002, 2002, 2008, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 1996, 2002, 2008, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - - 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 1996, 2002, 1996, 2002, 2002, 2002, 1996, - 2002, 1996, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, - 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 1996, 2002, 1996, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 1996, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, - 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 2002, 1996, 2002, 2002, - 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 1996, 2002, 2002, 2002, 2002, 1996, 2002, 1996, 2002, - 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 1996, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, 1996, - 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 1996, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 1996, - 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 1996, 1996, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 1996, 2002, 1996, 2002, 2002, 2002, 2002, 2002, 1996, 2002, - 2002, 1996, 2002, 1996, 2002, 2002, 2002, 2002, 2002, 1996, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 1996, 2002, 2002, 2002, 2002, 2002, 1996, 1996, 2002, 2002, - 2002, 2002, 2002, 1996, 1996, 1996, 2002, 1996, 2002, 1996, - 1996, 2002, 2002, 1996, 2002, 1996, 2002, 2002, 2002, 2002, - - 2002, 1996, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - 1996, 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 1996, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 1996, 2002, 2002, 1996, 1996, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, - 2002, 1996, 2002, 2002, 2002, 2002, 1996, 1996, 1996, 2002, - - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 1996, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 1996, 2002, 2002, 1996, 2002, 2002, - 2002, 1996, 2002, 1996, 2002, 1996, 1996, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, - 1996, 2002, 2002, 2002, 2002, 1996, 1996, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, - 2002, 1996, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 1996, 2002, 2002, 1996, 2002, 1996, 1996, - 1996, 2002, 2002, 2002, 1996, 2002, 2002, 1996, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 1996, 2002, 2002, 1996, 2002, 2002, 1996, 2002, - 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 1996, 2002, 2002, 1996, 2002, 2002, - - 2002, 2002, 2002, 2002, 2002, 2002, 1996, 2002, 1996, 1996, - 1996, 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 1996, - 1996, 2002, 2002, 2002, 1996, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 1996, 1996, 2002, 1996, 2002, - 2002, 2002, 1996, 1996, 1996, 2002, 1996, 2002, 1996, 2002, - 2002, 2002, 1996, 2002, 2002, 1996, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, - 1996, 2002, 1996, 2002, 1996, 2002, 2002, 1996, 2002, 2002, - 2002, 2002, 1996, 1996, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 1996, 1996, 1996, 2002, 1996, 2002, 2002, 2002, 1996, - - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 1996, - 2002, 1996, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 1996, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 1996, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, 2002, - 2002, 2002, 2002, 2002, 1996, 2002, 1996, 1996, 2002, 2002, - 2002, 2002, 2002, 1996, 1996, 0, 1996, 1996, 1996, 1996, - - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996 + 2164, 1, 2165, 2165, 2166, 2166, 2167, 2167, 2168, 2168, + 2169, 2169, 2164, 2170, 2164, 2164, 2164, 2164, 2171, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2172, 2164, 2164, 2164, 2172, 2173, 2164, 2164, 2164, 2173, + 2174, 2164, 2164, 2164, 2164, 2174, 2175, 2164, 2164, 2164, + 2175, 2176, 2164, 2177, 2164, 2176, 2176, 2170, 2170, 2164, + 2178, 2171, 2178, 2171, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2172, 2172, 2173, 2173, 2174, 2174, 2164, 2175, 2175, 2176, + 2176, 2177, 2177, 2176, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2176, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + + 2176, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2164, 2176, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2176, + 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, + 2164, 2164, 2170, 2164, 2164, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2176, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2176, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2164, + 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2170, 2164, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2164, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, + 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2164, + 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, + 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, + + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2170, 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2170, 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2164, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2164, + 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2164, 2170, + 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2164, 2170, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2164, + 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2170, 2170, 2170, 2170, 2170, 2164, 2164, 2170, 2170, + 2170, 2170, 2170, 2164, 2164, 2164, 2170, 2164, 2170, 2164, + + 2164, 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2164, 2170, 2170, 2170, 2164, 2170, 2170, 2170, + 2170, 2164, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2164, 2164, + + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, + 2170, 2170, 2164, 2170, 2164, 2170, 2170, 2170, 2170, 2170, + 2164, 2164, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2164, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2164, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2164, 2170, 2170, + 2170, 2164, 2170, 2164, 2164, 2170, 2164, 2170, 2164, 2170, + + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2164, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2164, + 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2164, 2170, + 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2164, 2170, 2170, 2170, 2164, 2170, 2164, 2164, 2164, + 2170, 2170, 2170, 2164, 2170, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2164, 2170, + 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2164, 2170, 2170, + 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2170, + 2170, 2170, 2170, 2164, 2170, 2170, 2164, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2164, 2170, 2164, 2164, 2164, + 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2164, + 2164, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, + 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2164, + 2170, 2164, 2170, 2170, 2170, 2164, 2164, 2164, 2170, 2164, + + 2170, 2170, 2164, 2170, 2170, 2170, 2164, 2170, 2170, 2164, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2164, 2164, 2170, 2164, 2170, + 2170, 2170, 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2170, + 2164, 2164, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, + 2170, 2164, 2164, 2164, 2164, 2164, 2170, 2164, 2170, 2170, + 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2164, 2170, 2164, 2170, 2164, 2170, 2170, + 2170, 2170, 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, + + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2164, 2170, 2170, 2170, 2170, 2170, 2170, 2164, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2164, 2170, + 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, 2170, + 2170, 2170, 2164, 2170, 2164, 2164, 2170, 2170, 2170, 2170, + 2170, 2164, 2164, 0, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164 } ; -static yyconst flex_uint16_t yy_nxt[5794] = +static yyconst flex_uint16_t yy_nxt[6281] = { 0, 14, 15, 16, 17, 18, 19, 18, 14, 14, 14, - 14, 18, 20, 14, 21, 22, 23, 24, 14, 25, - 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 14, 14, 14, 14, 40, 20, - 14, 21, 22, 23, 24, 14, 25, 26, 27, 28, - 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 39, 14, 14, 14, 14, 42, 43, 44, 42, 43, - 44, 47, 48, 47, 48, 49, 96, 49, 52, 53, - 54, 55, 68, 18, 52, 53, 54, 55, 69, 18, - 58, 59, 60, 58, 59, 60, 70, 129, 129, 131, - - 71, 45, 131, 96, 45, 136, 136, 50, 73, 50, - 73, 73, 70, 73, 843, 56, 71, 68, 73, 68, - 68, 56, 68, 86, 75, 76, 61, 68, 139, 61, - 15, 16, 17, 63, 64, 65, 15, 16, 17, 63, - 64, 65, 77, 87, 69, 74, 69, 98, 69, 66, - 86, 75, 76, 131, 78, 66, 131, 88, 154, 69, - 139, 79, 112, 69, 90, 97, 142, 67, 80, 77, - 87, 89, 91, 67, 98, 69, 66, 129, 129, 139, - 69, 78, 66, 69, 88, 154, 929, 69, 79, 112, - 69, 90, 97, 142, 99, 80, 81, 137, 89, 91, - - 82, 92, 100, 83, 93, 84, 85, 135, 101, 106, - 134, 94, 102, 95, 69, 69, 170, 121, 69, 122, - 69, 99, 103, 81, 69, 196, 104, 82, 92, 100, - 83, 93, 84, 85, 123, 101, 106, 113, 94, 102, - 95, 114, 105, 69, 121, 117, 122, 69, 69, 103, - 144, 115, 124, 104, 116, 118, 69, 125, 132, 119, - 120, 123, 130, 69, 113, 69, 69, 69, 114, 105, - 107, 143, 117, 69, 108, 136, 136, 144, 115, 124, - 109, 116, 118, 110, 125, 126, 119, 120, 139, 127, - 111, 149, 69, 128, 137, 69, 135, 107, 143, 134, - - 133, 108, 133, 133, 69, 133, 132, 109, 145, 130, - 110, 69, 126, 69, 211, 69, 127, 111, 149, 73, - 128, 73, 73, 138, 73, 138, 138, 68, 138, 68, - 68, 73, 68, 73, 73, 145, 73, 68, 146, 148, - 150, 73, 155, 152, 153, 69, 151, 158, 69, 161, - 69, 147, 69, 1996, 163, 156, 141, 159, 69, 1996, - 69, 69, 69, 160, 69, 146, 148, 150, 74, 155, - 152, 153, 157, 151, 158, 164, 161, 69, 147, 69, - 162, 163, 165, 1996, 159, 1996, 69, 1996, 166, 69, - 160, 167, 171, 176, 172, 69, 69, 69, 177, 157, - - 69, 178, 164, 1996, 168, 169, 174, 162, 184, 165, - 175, 69, 69, 180, 173, 166, 69, 69, 167, 171, - 176, 172, 179, 181, 69, 177, 1996, 69, 178, 183, - 69, 168, 169, 174, 182, 184, 69, 175, 186, 185, - 180, 173, 69, 69, 190, 189, 1996, 69, 69, 179, - 181, 187, 69, 191, 192, 188, 183, 193, 1996, 194, - 69, 182, 69, 304, 197, 186, 185, 69, 69, 69, - 69, 190, 189, 69, 195, 222, 198, 201, 187, 69, - 191, 192, 188, 69, 193, 200, 194, 202, 69, 207, - 203, 197, 69, 69, 69, 206, 199, 205, 69, 208, - - 1996, 195, 69, 198, 201, 1996, 69, 1996, 1996, 209, - 69, 204, 200, 1996, 202, 69, 207, 203, 1996, 69, - 343, 69, 206, 199, 205, 133, 208, 133, 133, 138, - 133, 138, 138, 139, 138, 210, 209, 73, 204, 73, - 73, 212, 73, 214, 213, 216, 215, 69, 217, 218, - 1996, 69, 69, 69, 219, 220, 232, 69, 69, 221, - 405, 406, 210, 69, 230, 233, 69, 223, 212, 1996, - 214, 213, 216, 215, 141, 217, 231, 69, 69, 235, - 69, 219, 220, 232, 69, 69, 221, 69, 224, 69, - 69, 230, 233, 234, 1996, 69, 236, 69, 237, 1996, - - 238, 241, 69, 231, 239, 1996, 235, 240, 242, 250, - 69, 69, 69, 1996, 243, 224, 225, 248, 69, 69, - 234, 226, 1996, 236, 69, 237, 227, 238, 241, 1996, - 69, 239, 228, 229, 240, 242, 69, 244, 249, 69, - 69, 243, 245, 225, 248, 251, 254, 252, 226, 69, - 1996, 1996, 255, 227, 246, 256, 247, 253, 257, 228, - 229, 69, 1996, 69, 244, 249, 258, 259, 260, 245, - 69, 69, 251, 262, 261, 263, 265, 69, 69, 255, - 1996, 246, 256, 247, 253, 264, 266, 69, 69, 69, - 267, 69, 69, 258, 69, 270, 69, 69, 69, 69, - - 262, 261, 263, 265, 268, 269, 272, 69, 271, 69, - 276, 273, 264, 266, 280, 69, 69, 267, 69, 277, - 274, 275, 270, 279, 278, 282, 69, 69, 69, 69, - 283, 268, 269, 272, 281, 271, 284, 286, 273, 290, - 69, 69, 69, 69, 293, 69, 277, 274, 275, 69, - 279, 278, 282, 287, 139, 289, 69, 283, 285, 69, - 292, 281, 294, 291, 295, 296, 290, 69, 69, 299, - 288, 69, 297, 298, 300, 69, 69, 69, 69, 69, - 287, 69, 289, 301, 69, 285, 69, 292, 69, 294, - 291, 302, 296, 303, 307, 69, 299, 288, 305, 297, - - 298, 300, 306, 308, 310, 69, 312, 69, 309, 1996, - 301, 314, 315, 317, 1996, 69, 69, 1996, 302, 69, - 303, 307, 311, 313, 69, 305, 316, 69, 69, 306, - 308, 310, 69, 321, 318, 309, 69, 69, 69, 315, - 69, 69, 69, 319, 69, 320, 325, 69, 69, 311, - 313, 69, 69, 316, 322, 323, 324, 326, 1996, 327, - 321, 318, 328, 329, 330, 69, 69, 331, 1996, 69, - 319, 69, 320, 325, 1996, 337, 1996, 332, 69, 69, - 69, 322, 323, 324, 326, 69, 327, 344, 333, 328, - 329, 69, 69, 69, 331, 69, 334, 335, 339, 336, - - 350, 338, 337, 340, 332, 347, 69, 69, 341, 342, - 345, 69, 69, 346, 344, 333, 348, 69, 69, 351, - 69, 349, 354, 334, 335, 339, 336, 69, 338, 352, - 340, 357, 347, 69, 69, 341, 342, 345, 353, 69, - 346, 69, 355, 348, 69, 356, 351, 358, 349, 354, - 69, 359, 69, 362, 69, 69, 352, 69, 360, 367, - 361, 366, 69, 1996, 1996, 353, 69, 368, 371, 355, - 1996, 392, 356, 69, 358, 69, 398, 1996, 359, 69, - 362, 363, 69, 369, 364, 360, 365, 361, 366, 69, - 69, 370, 69, 372, 368, 371, 373, 69, 374, 376, - - 386, 385, 69, 384, 387, 69, 1996, 69, 363, 69, - 369, 364, 69, 365, 375, 69, 1996, 390, 370, 69, - 372, 388, 69, 373, 389, 374, 376, 139, 385, 69, - 384, 69, 69, 391, 393, 395, 396, 397, 69, 394, - 69, 375, 377, 378, 390, 402, 69, 69, 388, 69, - 399, 389, 379, 400, 380, 381, 382, 69, 69, 383, - 391, 393, 395, 396, 397, 401, 394, 69, 69, 377, - 378, 404, 422, 403, 408, 1996, 69, 399, 69, 379, - 400, 380, 381, 382, 69, 69, 383, 407, 409, 410, - 412, 415, 401, 69, 69, 411, 413, 414, 404, 69, - - 403, 408, 69, 69, 69, 419, 69, 418, 416, 1996, - 420, 421, 1996, 69, 407, 409, 410, 412, 415, 69, - 69, 417, 411, 413, 414, 69, 69, 69, 424, 69, - 423, 425, 419, 69, 418, 416, 69, 420, 421, 426, - 427, 1996, 428, 429, 432, 430, 434, 69, 417, 69, - 431, 433, 69, 436, 69, 424, 1996, 423, 425, 69, - 435, 69, 438, 1996, 437, 69, 426, 427, 69, 428, - 429, 69, 430, 434, 69, 69, 69, 431, 433, 69, - 436, 439, 69, 440, 441, 69, 442, 435, 443, 438, - 69, 437, 444, 447, 448, 451, 453, 445, 69, 446, - - 69, 1996, 69, 457, 1996, 69, 1996, 69, 439, 69, - 440, 441, 69, 442, 69, 443, 69, 69, 452, 444, - 447, 448, 451, 449, 445, 450, 446, 69, 454, 455, - 456, 69, 69, 460, 69, 461, 458, 465, 69, 464, - 1996, 69, 462, 1996, 1996, 452, 69, 463, 69, 69, - 449, 69, 450, 1996, 499, 454, 455, 456, 459, 69, - 460, 69, 461, 466, 465, 69, 464, 69, 473, 462, - 474, 69, 475, 494, 463, 69, 478, 476, 69, 1996, - 479, 69, 1996, 69, 480, 459, 477, 69, 482, 1996, - 466, 467, 481, 483, 69, 473, 468, 474, 469, 475, - - 69, 1996, 1996, 478, 69, 69, 470, 479, 69, 471, - 69, 480, 484, 477, 69, 482, 472, 69, 467, 481, - 483, 486, 485, 468, 488, 469, 487, 69, 491, 69, - 490, 69, 489, 470, 69, 492, 471, 493, 69, 484, - 69, 1996, 498, 472, 497, 496, 69, 1996, 486, 485, - 69, 488, 495, 487, 69, 491, 69, 490, 69, 489, - 139, 69, 492, 500, 493, 501, 502, 69, 503, 498, - 504, 497, 496, 511, 507, 506, 505, 508, 69, 495, - 509, 69, 69, 512, 510, 69, 513, 69, 514, 515, - 500, 516, 69, 502, 517, 503, 69, 504, 69, 69, - - 511, 507, 506, 505, 508, 519, 518, 520, 521, 522, - 69, 69, 69, 69, 523, 69, 69, 524, 69, 69, - 526, 525, 1996, 527, 1996, 69, 533, 69, 69, 528, - 538, 69, 519, 518, 520, 521, 539, 69, 529, 69, - 69, 523, 69, 530, 524, 69, 532, 531, 525, 534, - 527, 69, 69, 533, 69, 69, 528, 535, 69, 536, - 541, 69, 69, 539, 537, 529, 540, 543, 1996, 545, - 530, 546, 550, 532, 531, 544, 534, 69, 547, 69, - 69, 69, 542, 69, 535, 69, 536, 541, 548, 69, - 69, 537, 549, 540, 543, 551, 545, 69, 546, 69, - - 69, 552, 544, 69, 554, 547, 553, 69, 555, 542, - 556, 557, 558, 559, 560, 548, 69, 69, 561, 549, - 562, 566, 551, 69, 563, 69, 69, 1996, 552, 564, - 69, 554, 565, 553, 69, 555, 567, 556, 69, 558, - 69, 560, 69, 69, 69, 561, 69, 568, 570, 571, - 574, 69, 69, 572, 69, 1996, 564, 573, 69, 565, - 575, 578, 569, 567, 576, 579, 1996, 577, 581, 69, - 69, 69, 69, 69, 568, 570, 69, 574, 580, 586, - 69, 582, 69, 1996, 573, 69, 69, 575, 578, 569, - 583, 576, 579, 69, 577, 581, 584, 585, 587, 69, - - 589, 69, 591, 588, 69, 580, 69, 594, 582, 69, - 69, 69, 590, 1996, 592, 69, 597, 583, 69, 595, - 593, 1996, 596, 584, 585, 587, 69, 589, 598, 591, - 588, 69, 599, 69, 594, 69, 69, 602, 69, 590, - 600, 592, 69, 597, 601, 603, 595, 593, 69, 596, - 605, 606, 604, 69, 69, 598, 607, 69, 608, 599, - 609, 613, 69, 69, 602, 69, 69, 600, 69, 614, - 612, 601, 603, 139, 610, 615, 69, 605, 606, 604, - 69, 69, 611, 607, 616, 608, 617, 609, 69, 618, - 629, 619, 69, 1996, 620, 69, 614, 612, 69, 69, - - 69, 610, 615, 69, 621, 1996, 69, 627, 69, 611, - 69, 616, 1996, 617, 628, 631, 630, 629, 619, 69, - 69, 620, 633, 641, 69, 632, 1996, 1996, 643, 645, - 69, 621, 622, 644, 627, 642, 623, 69, 69, 624, - 1996, 628, 631, 630, 69, 69, 625, 646, 650, 626, - 641, 69, 632, 69, 69, 643, 69, 69, 647, 622, - 644, 1996, 642, 623, 649, 651, 624, 69, 1996, 648, - 69, 652, 653, 625, 646, 650, 626, 634, 635, 655, - 636, 69, 1996, 637, 69, 647, 654, 69, 638, 69, - 69, 649, 651, 69, 639, 640, 648, 69, 652, 653, - - 657, 69, 656, 69, 634, 635, 655, 636, 69, 69, - 637, 658, 660, 654, 659, 638, 662, 663, 661, 665, - 664, 639, 640, 666, 69, 69, 667, 657, 668, 656, - 69, 69, 69, 1996, 670, 669, 676, 673, 658, 660, - 69, 659, 69, 662, 663, 661, 69, 664, 671, 672, - 674, 677, 69, 69, 69, 668, 69, 69, 69, 69, - 675, 670, 669, 69, 673, 678, 679, 69, 69, 69, - 69, 680, 681, 682, 686, 671, 672, 674, 677, 69, - 683, 684, 1996, 685, 69, 687, 69, 675, 69, 691, - 69, 69, 678, 1996, 69, 688, 690, 69, 680, 681, - - 682, 686, 69, 689, 69, 697, 693, 683, 684, 69, - 685, 69, 687, 69, 692, 704, 691, 695, 696, 69, - 69, 694, 688, 690, 69, 698, 69, 699, 69, 700, - 689, 701, 697, 693, 69, 69, 69, 702, 703, 707, - 708, 692, 69, 1996, 695, 696, 69, 69, 694, 706, - 69, 709, 698, 705, 699, 710, 700, 1996, 701, 69, - 69, 713, 69, 69, 702, 703, 714, 716, 715, 711, - 69, 69, 69, 717, 69, 719, 706, 712, 709, 720, - 705, 718, 710, 69, 69, 721, 722, 1996, 713, 69, - 69, 724, 69, 714, 69, 715, 711, 69, 69, 725, - - 717, 726, 719, 728, 712, 723, 69, 727, 718, 729, - 69, 69, 721, 69, 69, 69, 730, 1996, 139, 1996, - 1996, 737, 69, 69, 69, 1996, 725, 1996, 726, 739, - 728, 738, 723, 740, 727, 69, 729, 742, 741, 1996, - 1996, 69, 744, 730, 731, 743, 732, 69, 737, 69, - 733, 746, 734, 745, 69, 69, 739, 735, 738, 1996, - 740, 69, 736, 747, 742, 741, 69, 69, 69, 744, - 750, 731, 743, 732, 69, 69, 748, 733, 746, 734, - 745, 751, 752, 753, 735, 754, 749, 755, 69, 736, - 747, 1996, 69, 756, 69, 763, 69, 750, 69, 773, - - 762, 1996, 1996, 748, 765, 1996, 69, 766, 751, 752, - 753, 764, 754, 749, 767, 69, 768, 69, 69, 69, - 69, 757, 763, 771, 69, 774, 758, 762, 759, 769, - 69, 765, 770, 69, 766, 69, 69, 772, 764, 760, - 69, 767, 69, 768, 776, 777, 761, 69, 757, 69, - 69, 1996, 774, 758, 775, 759, 769, 778, 69, 770, - 69, 779, 69, 782, 772, 780, 760, 781, 783, 69, - 784, 776, 791, 761, 69, 786, 69, 785, 69, 69, - 787, 775, 69, 69, 778, 69, 69, 789, 779, 788, - 782, 790, 780, 69, 781, 783, 69, 784, 792, 69, - - 794, 793, 786, 69, 785, 69, 69, 787, 795, 69, - 69, 796, 69, 798, 789, 797, 788, 799, 790, 800, - 801, 802, 803, 1996, 1996, 792, 804, 794, 793, 1996, - 69, 69, 69, 69, 69, 795, 805, 69, 796, 806, - 798, 807, 797, 69, 799, 808, 812, 801, 802, 809, - 69, 813, 810, 69, 811, 815, 69, 69, 69, 817, - 814, 69, 69, 805, 69, 69, 806, 816, 807, 819, - 69, 69, 808, 812, 818, 820, 809, 69, 813, 810, - 69, 811, 815, 822, 823, 69, 817, 814, 821, 69, - 69, 824, 69, 827, 816, 825, 819, 826, 828, 829, - - 69, 818, 69, 69, 69, 830, 69, 69, 69, 832, - 822, 823, 833, 835, 831, 821, 834, 836, 824, 839, - 827, 69, 825, 69, 826, 837, 829, 69, 69, 69, - 840, 69, 830, 69, 838, 842, 832, 69, 69, 833, - 841, 831, 844, 834, 69, 845, 69, 846, 69, 852, - 69, 69, 837, 69, 850, 69, 69, 840, 847, 853, - 69, 838, 842, 69, 849, 848, 69, 841, 851, 844, - 856, 854, 845, 69, 846, 69, 857, 69, 855, 858, - 69, 850, 859, 69, 861, 847, 864, 862, 860, 69, - 69, 849, 848, 69, 69, 851, 69, 856, 854, 69, - - 69, 69, 863, 857, 69, 855, 858, 865, 866, 859, - 69, 861, 867, 69, 862, 860, 868, 69, 869, 870, - 69, 874, 871, 69, 872, 876, 873, 1996, 1996, 863, - 69, 1996, 877, 69, 865, 866, 875, 69, 878, 867, - 69, 69, 69, 868, 69, 869, 870, 69, 874, 871, - 69, 872, 876, 873, 69, 880, 879, 881, 882, 877, - 69, 883, 884, 875, 69, 878, 885, 888, 887, 69, - 69, 889, 886, 69, 69, 69, 69, 894, 69, 890, - 69, 1996, 880, 879, 881, 882, 69, 69, 883, 884, - 891, 893, 895, 885, 888, 887, 892, 896, 889, 886, - - 69, 903, 69, 69, 897, 69, 890, 898, 69, 69, - 899, 69, 902, 904, 69, 905, 69, 891, 893, 895, - 69, 906, 900, 892, 896, 69, 901, 69, 903, 69, - 908, 897, 907, 910, 898, 69, 909, 899, 911, 902, - 904, 69, 905, 914, 912, 913, 915, 919, 906, 918, - 69, 920, 916, 69, 965, 69, 69, 922, 69, 907, - 910, 69, 69, 909, 69, 911, 69, 69, 917, 69, - 914, 912, 913, 915, 69, 921, 918, 930, 69, 916, - 69, 69, 69, 1996, 922, 69, 931, 1996, 1996, 928, - 938, 933, 935, 69, 1996, 917, 936, 69, 69, 932, - - 69, 934, 921, 923, 930, 939, 944, 937, 924, 69, - 925, 69, 926, 931, 927, 69, 928, 938, 933, 69, - 69, 69, 941, 69, 69, 940, 932, 942, 934, 943, - 923, 69, 939, 69, 937, 924, 69, 925, 69, 926, - 69, 927, 946, 945, 947, 948, 950, 952, 955, 941, - 949, 1996, 940, 951, 942, 69, 943, 953, 69, 954, - 69, 1996, 958, 957, 966, 69, 959, 69, 69, 69, - 945, 947, 948, 69, 69, 69, 956, 949, 960, 69, - 951, 69, 961, 69, 953, 69, 954, 962, 69, 958, - 957, 69, 963, 959, 967, 69, 964, 968, 970, 969, - - 972, 976, 971, 956, 69, 960, 69, 975, 69, 961, - 69, 69, 69, 973, 962, 974, 69, 69, 69, 963, - 69, 967, 69, 964, 977, 970, 969, 69, 69, 971, - 978, 979, 69, 980, 975, 981, 983, 69, 69, 982, - 973, 985, 974, 69, 69, 984, 987, 69, 69, 986, - 69, 977, 988, 989, 997, 1996, 69, 978, 979, 990, - 980, 1996, 981, 983, 993, 69, 982, 69, 985, 994, - 991, 69, 984, 69, 992, 69, 986, 995, 1996, 988, - 989, 996, 69, 998, 999, 69, 990, 1000, 69, 1001, - 69, 993, 1005, 1003, 69, 69, 994, 1996, 1002, 69, - - 69, 69, 69, 1004, 995, 1006, 69, 69, 996, 1007, - 998, 999, 69, 1008, 1000, 69, 1001, 1011, 69, 1005, - 1003, 69, 1009, 1012, 1014, 1002, 1010, 1015, 69, 69, - 1004, 1023, 1006, 1013, 1016, 69, 1007, 69, 1020, 69, - 1008, 69, 1021, 1017, 1011, 1018, 69, 69, 69, 1009, - 1012, 1014, 69, 1010, 1015, 1019, 69, 1022, 1024, 69, - 1013, 1016, 69, 69, 1025, 1020, 1026, 69, 1027, 1021, - 1017, 1028, 1018, 1032, 1030, 1031, 1034, 1033, 1029, 69, - 1035, 1038, 1019, 69, 1022, 69, 69, 1996, 69, 69, - 69, 1025, 69, 1026, 69, 69, 69, 69, 1028, 1036, - - 1032, 1030, 1031, 1037, 1033, 1029, 1039, 69, 1038, 1040, - 1041, 1042, 69, 1043, 69, 1045, 1046, 69, 69, 1996, - 1044, 69, 1051, 1047, 69, 1053, 1048, 1049, 69, 1050, - 69, 69, 1052, 1039, 69, 69, 1040, 1041, 1042, 1054, - 1043, 69, 69, 1046, 69, 1055, 69, 1044, 1056, 1051, - 1047, 69, 1053, 1048, 1049, 1057, 1050, 1058, 1065, 1052, - 69, 1060, 1059, 69, 1061, 69, 1054, 1996, 1066, 1062, - 1067, 1071, 1055, 1063, 1069, 69, 69, 69, 69, 69, - 69, 1068, 1057, 69, 1058, 1065, 1064, 1073, 1060, 1059, - 1072, 1061, 69, 1074, 69, 69, 1062, 1067, 1070, 69, - - 1063, 1069, 69, 1075, 69, 69, 1076, 1996, 1068, 69, - 1077, 1078, 1079, 1064, 1073, 1080, 1081, 1072, 1083, 69, - 1074, 1082, 69, 69, 1084, 1070, 1086, 1087, 69, 1089, - 1090, 69, 1085, 69, 69, 69, 69, 69, 1078, 1079, - 1088, 69, 1080, 1081, 69, 1083, 69, 69, 1082, 1091, - 69, 1084, 1092, 69, 1087, 69, 1089, 1090, 1093, 1085, - 1094, 1095, 1096, 1996, 1097, 69, 69, 1088, 1098, 1996, - 1099, 69, 1102, 1100, 1101, 69, 1091, 69, 1104, 1092, - 69, 69, 69, 1106, 1105, 1093, 1103, 1094, 69, 1096, - 69, 1097, 69, 69, 69, 1098, 1108, 1099, 1110, 1102, - - 1100, 1101, 1107, 69, 1109, 1104, 69, 1111, 1115, 69, - 1114, 1105, 1112, 1103, 69, 69, 1113, 69, 1120, 69, - 1121, 1116, 1996, 69, 1123, 69, 1126, 69, 69, 1107, - 1131, 1109, 1122, 69, 1111, 1115, 69, 1114, 1117, 1112, - 1125, 1118, 69, 1113, 1127, 1133, 69, 1121, 1116, 69, - 69, 1123, 1124, 1119, 69, 1129, 1132, 69, 1136, 1122, - 1128, 69, 69, 69, 69, 1117, 1130, 1125, 1118, 69, - 69, 1127, 1135, 69, 1137, 1138, 69, 1134, 69, 1124, - 1119, 69, 1129, 1132, 69, 69, 1143, 1128, 1139, 1144, - 1140, 1142, 1141, 1130, 69, 69, 69, 69, 1147, 1135, - - 69, 1137, 1138, 1145, 1134, 69, 69, 1146, 1149, 1151, - 69, 69, 1152, 1143, 69, 1139, 1148, 1140, 1142, 1141, - 69, 1150, 69, 1996, 69, 1147, 1153, 1156, 69, 1154, - 1145, 69, 1155, 1160, 1146, 69, 1151, 1157, 69, 1152, - 1161, 1162, 1158, 1148, 1163, 1165, 69, 69, 1150, 69, - 1159, 1164, 69, 1153, 1156, 1170, 1154, 1169, 1167, 1155, - 69, 1168, 69, 69, 1157, 69, 69, 69, 1162, 1158, - 1171, 1163, 1165, 1166, 1174, 69, 69, 1159, 1164, 1173, - 1172, 69, 1175, 69, 1169, 1167, 69, 69, 1168, 1177, - 1178, 1176, 69, 69, 1179, 69, 1180, 69, 1183, 1181, - - 1166, 1174, 69, 69, 69, 1184, 1173, 1172, 1996, 1175, - 69, 1182, 1186, 1189, 1192, 1187, 1177, 1178, 1176, 1185, - 69, 1179, 69, 1180, 1188, 1183, 1181, 1190, 1191, 69, - 69, 69, 1184, 69, 1194, 1193, 69, 1195, 1182, 1186, - 1199, 69, 1187, 1196, 69, 69, 1185, 1197, 69, 1201, - 69, 1188, 1204, 1198, 1190, 1191, 69, 69, 1200, 1207, - 1202, 1194, 1193, 69, 1203, 1996, 1206, 1199, 69, 69, - 1196, 69, 69, 1205, 1197, 69, 1201, 69, 1209, 1213, - 1198, 1208, 1210, 69, 69, 1200, 69, 1202, 69, 1211, - 1212, 1203, 1214, 1206, 1216, 1215, 69, 69, 1218, 1219, - - 1205, 69, 1217, 1222, 69, 1209, 1213, 69, 1208, 1210, - 1226, 69, 69, 1220, 69, 69, 1211, 1212, 69, 1214, - 1223, 69, 1215, 1221, 1224, 1218, 1219, 1225, 69, 1217, - 1228, 69, 1227, 69, 69, 69, 1229, 69, 1231, 1996, - 1220, 1996, 1230, 1236, 1233, 1996, 1232, 1223, 69, 1234, - 1221, 1224, 1237, 1235, 1225, 69, 69, 69, 69, 1227, - 69, 69, 1242, 1229, 1238, 69, 69, 69, 69, 1230, - 1236, 1233, 1241, 1232, 69, 1243, 1234, 1239, 1240, 1237, - 1235, 1244, 69, 1246, 69, 69, 1245, 69, 1247, 69, - 69, 1238, 1249, 1248, 69, 1250, 1251, 1253, 1252, 1241, - - 69, 69, 1254, 1255, 1239, 1240, 69, 1257, 1244, 1256, - 1246, 1261, 1258, 1245, 69, 69, 1259, 1274, 69, 69, - 1248, 69, 1250, 69, 1260, 1252, 69, 1996, 69, 1254, - 1262, 1263, 1264, 1266, 69, 1268, 1256, 1265, 69, 1258, - 69, 1267, 69, 69, 69, 69, 1269, 1291, 69, 1272, - 69, 1260, 1270, 69, 1276, 1273, 1271, 1262, 1263, 1264, - 1266, 69, 69, 1279, 1265, 1277, 69, 1280, 1267, 1275, - 69, 1282, 69, 1269, 1278, 1281, 1272, 1996, 69, 69, - 69, 1276, 1273, 69, 1284, 1283, 1996, 1285, 1290, 69, - 1279, 1287, 1277, 69, 69, 1296, 1275, 69, 69, 1286, - - 69, 1278, 1281, 1293, 69, 69, 1288, 69, 1289, 1292, - 69, 1284, 1283, 1294, 1285, 1290, 69, 69, 1287, 69, - 1295, 1297, 69, 69, 1996, 1299, 1286, 1298, 1996, 1300, - 1293, 1301, 69, 1288, 1305, 1289, 1292, 69, 1302, 1312, - 1303, 1304, 69, 69, 69, 69, 69, 1306, 1297, 69, - 1309, 69, 1299, 1311, 1298, 1307, 1300, 1308, 1301, 69, - 69, 1305, 69, 69, 1310, 1302, 69, 1303, 1304, 69, - 1313, 69, 1315, 69, 1306, 1314, 1317, 1309, 1319, 1320, - 1311, 1316, 1307, 1318, 1308, 69, 69, 69, 1321, 69, - 69, 1310, 1322, 1323, 1324, 69, 1325, 1313, 1326, 69, - - 1327, 1996, 1314, 1317, 1331, 1328, 69, 1329, 1316, 69, - 1318, 69, 1330, 1332, 69, 69, 1333, 1336, 69, 69, - 1996, 1324, 69, 1325, 69, 1335, 1334, 1327, 69, 69, - 1337, 1338, 1328, 1340, 1329, 69, 1996, 1341, 1339, 1330, - 1332, 69, 1342, 69, 1336, 69, 1344, 69, 1343, 69, - 1345, 1348, 1335, 1334, 69, 1346, 1347, 69, 69, 69, - 1340, 1996, 1350, 69, 1341, 1339, 69, 1351, 69, 1342, - 69, 69, 1349, 1344, 69, 1343, 69, 1345, 69, 69, - 69, 1353, 1346, 1347, 1352, 1354, 1355, 1356, 1359, 1350, - 1996, 1360, 69, 1362, 1351, 1357, 1366, 69, 1361, 1349, - - 69, 1996, 1363, 1369, 69, 1370, 1358, 69, 1353, 69, - 1365, 1352, 1354, 69, 1356, 1359, 69, 69, 1360, 1364, - 69, 69, 1357, 69, 1367, 1361, 1368, 69, 69, 1363, - 1369, 69, 69, 1358, 69, 1371, 1372, 1365, 1373, 1374, - 1996, 1375, 1996, 69, 1376, 1377, 1364, 69, 1379, 69, - 1996, 1367, 69, 1368, 1378, 69, 1996, 69, 1380, 69, - 69, 1381, 1371, 1372, 69, 1373, 1374, 1385, 1375, 69, - 69, 1376, 1377, 1383, 1382, 1379, 1384, 1386, 1387, 1996, - 69, 1378, 69, 69, 1388, 1380, 1391, 69, 1381, 69, - 1389, 1390, 1392, 1394, 1385, 1393, 69, 1400, 1395, 69, - - 1383, 1382, 69, 1384, 1386, 1387, 69, 1396, 1397, 69, - 69, 1388, 1398, 1391, 1401, 69, 1406, 1389, 1390, 69, - 1394, 69, 1393, 69, 1399, 1395, 1402, 1403, 69, 69, - 69, 69, 1407, 1413, 1396, 1397, 69, 1404, 1408, 1398, - 69, 1401, 1405, 69, 1410, 69, 69, 1996, 69, 1409, - 69, 1399, 1411, 1402, 1403, 69, 69, 1412, 69, 1407, - 1413, 1416, 1417, 1414, 1404, 1408, 1415, 1418, 1419, 1405, - 1420, 1423, 1996, 1422, 69, 69, 1409, 1421, 69, 1411, - 1425, 69, 69, 69, 1412, 69, 69, 69, 1416, 69, - 1414, 69, 69, 1415, 1418, 1419, 1424, 1420, 1423, 69, - - 1422, 1426, 1428, 1427, 1421, 69, 1429, 1425, 69, 1430, - 1431, 1433, 1434, 1432, 69, 1440, 1996, 1442, 1435, 1996, - 69, 1436, 69, 1424, 69, 1444, 1448, 69, 1426, 1428, - 1427, 69, 1437, 1429, 69, 1443, 1430, 69, 69, 1434, - 1432, 69, 1440, 69, 69, 1435, 69, 1438, 1436, 1441, - 1446, 1439, 69, 69, 1445, 1447, 69, 69, 1450, 1437, - 1454, 1449, 1443, 1457, 69, 69, 1451, 1452, 69, 1453, - 1455, 1458, 69, 69, 69, 1456, 1441, 1446, 69, 1460, - 69, 1445, 1447, 69, 69, 69, 1459, 1454, 1449, 69, - 1457, 69, 69, 1451, 1452, 1461, 1453, 1455, 69, 1462, - - 69, 1465, 1456, 1463, 1464, 69, 1460, 1466, 1467, 69, - 69, 69, 69, 1459, 1468, 1470, 69, 69, 1469, 1471, - 69, 69, 1461, 1472, 1473, 1475, 1462, 1474, 1465, 1476, - 1463, 1464, 1477, 69, 1466, 1467, 1478, 1479, 69, 69, - 69, 1468, 1470, 1480, 1484, 1469, 69, 69, 1481, 69, - 1472, 1473, 1475, 1485, 1474, 69, 1476, 69, 1482, 69, - 1486, 1483, 1488, 69, 1479, 1487, 1490, 1491, 1489, 1493, - 1480, 69, 1494, 69, 69, 1481, 69, 69, 1492, 1496, - 69, 1498, 1495, 1502, 1996, 1482, 69, 69, 1483, 69, - 69, 69, 1487, 69, 69, 1489, 1493, 1499, 1497, 69, - - 1500, 1504, 69, 1503, 1505, 1492, 69, 69, 1498, 1495, - 69, 69, 69, 69, 1506, 1501, 1507, 1509, 1508, 1511, - 1996, 69, 69, 69, 1499, 1497, 69, 1500, 1504, 69, - 1503, 1505, 1510, 1513, 1514, 69, 1515, 1517, 1516, 1512, - 1520, 69, 1501, 1507, 1509, 1508, 69, 69, 1518, 1519, - 1522, 69, 69, 1525, 69, 69, 69, 1523, 1528, 1510, - 69, 1514, 69, 1515, 1517, 1516, 1512, 1520, 1521, 1524, - 69, 69, 69, 1526, 69, 1518, 1519, 1522, 1529, 69, - 1525, 69, 1532, 1530, 1523, 1527, 1531, 1533, 1996, 69, - 69, 69, 1540, 1996, 1534, 1521, 1524, 1996, 69, 1538, - - 1526, 69, 1535, 1541, 69, 1529, 1539, 69, 69, 1532, - 1530, 69, 1527, 1531, 1542, 1536, 1543, 1537, 69, 1540, - 69, 1534, 69, 69, 69, 1544, 1538, 69, 1545, 1535, - 1541, 1546, 1547, 1539, 1548, 1549, 69, 1552, 1550, 1551, - 69, 1542, 1536, 1543, 1537, 69, 1553, 69, 1554, 1555, - 69, 69, 1544, 1996, 1563, 69, 1556, 1560, 69, 1547, - 69, 1548, 1549, 69, 1552, 1550, 1551, 1557, 1559, 69, - 1558, 1562, 69, 1553, 69, 1554, 69, 69, 69, 1561, - 69, 69, 1564, 1556, 1560, 69, 69, 1567, 1565, 1566, - 1573, 69, 1996, 69, 1557, 1559, 1569, 1558, 1562, 69, - - 1568, 1570, 1572, 69, 1571, 1575, 1561, 1574, 1578, 1564, - 1579, 69, 1580, 1576, 69, 1565, 1566, 1573, 69, 69, - 1577, 69, 69, 1569, 1581, 1582, 69, 1568, 1570, 1572, - 69, 1571, 69, 69, 1574, 69, 69, 69, 1584, 1583, - 1576, 1585, 69, 69, 69, 1587, 1586, 1577, 1589, 69, - 69, 1581, 1582, 1588, 1590, 1591, 1592, 1996, 1597, 1598, - 69, 69, 1593, 69, 1595, 1584, 1583, 69, 1585, 1594, - 1596, 69, 69, 1586, 1599, 1600, 1608, 69, 1601, 69, - 1588, 1590, 1591, 69, 69, 69, 69, 69, 1602, 1593, - 69, 1595, 69, 1603, 69, 1604, 1594, 1596, 1605, 1606, - - 1607, 69, 1600, 69, 1612, 1601, 1609, 69, 69, 1611, - 69, 1610, 69, 69, 69, 1602, 69, 1614, 69, 1615, - 1603, 69, 1604, 1616, 69, 1605, 1606, 1607, 1617, 1613, - 69, 1612, 69, 1609, 1618, 1619, 1611, 69, 1610, 69, - 1621, 69, 1620, 1622, 1614, 69, 1615, 1623, 1626, 1632, - 1616, 1624, 1627, 69, 1625, 1617, 1613, 69, 69, 69, - 1631, 1618, 1619, 69, 69, 1628, 1996, 69, 1635, 1620, - 69, 1630, 1633, 69, 1623, 1626, 69, 1629, 1624, 1627, - 69, 1625, 1634, 69, 69, 1636, 69, 1631, 69, 1639, - 69, 69, 1628, 1637, 1638, 1635, 1641, 69, 1630, 1633, - - 69, 1643, 69, 69, 1629, 1640, 1642, 1644, 1646, 1634, - 69, 1647, 1636, 69, 1645, 1650, 1639, 1648, 69, 69, - 1637, 1638, 69, 69, 69, 1649, 1653, 1651, 1643, 1655, - 69, 1652, 1640, 69, 1644, 1646, 1654, 69, 1647, 69, - 69, 1645, 1650, 1656, 1648, 69, 1658, 69, 1657, 1659, - 1660, 1661, 1649, 1653, 1651, 69, 69, 69, 1652, 1662, - 69, 1664, 69, 1654, 1666, 1663, 1667, 1996, 1668, 1670, - 1656, 1996, 69, 69, 69, 1657, 1659, 1660, 1661, 69, - 1669, 1665, 1671, 69, 1672, 69, 69, 1996, 69, 69, - 1673, 69, 1663, 69, 69, 1668, 1670, 1674, 1676, 1675, - - 69, 1677, 1679, 1680, 1681, 69, 69, 1669, 1665, 1671, - 69, 1672, 69, 1678, 69, 1683, 1682, 1673, 69, 1684, - 1686, 1687, 1685, 69, 1674, 1676, 1675, 1688, 1677, 1679, - 69, 69, 1689, 1690, 1996, 69, 69, 69, 1696, 1691, - 1678, 69, 1683, 1682, 69, 1693, 1692, 69, 69, 1685, - 69, 1694, 1695, 69, 1688, 1996, 69, 69, 1697, 1698, - 1690, 69, 1699, 69, 69, 1696, 1691, 1996, 1996, 1700, - 69, 69, 1693, 1692, 69, 1701, 1702, 1704, 1694, 1695, - 1703, 69, 69, 69, 1705, 1697, 1698, 1708, 1712, 1699, - 1706, 1707, 69, 69, 69, 69, 1700, 69, 1710, 69, - - 1709, 1711, 1701, 1702, 1704, 1996, 69, 1703, 69, 1714, - 1715, 1705, 1713, 69, 69, 69, 69, 1706, 1707, 1716, - 69, 1717, 1718, 1722, 1720, 1710, 1723, 1709, 1711, 1721, - 1719, 1724, 69, 1726, 1725, 69, 1714, 69, 69, 1713, - 69, 69, 69, 69, 69, 1727, 1716, 69, 1717, 1718, - 1722, 1720, 69, 1723, 1728, 1729, 1721, 1719, 69, 69, - 1726, 1725, 1730, 1731, 1732, 1734, 1733, 1735, 1741, 1996, - 1996, 1737, 69, 69, 1736, 1738, 1739, 1740, 69, 69, - 69, 1728, 69, 1742, 1745, 1743, 1744, 1996, 1749, 69, - 69, 1732, 1763, 1733, 69, 69, 69, 69, 69, 69, - - 1746, 1736, 69, 1739, 1740, 69, 69, 1747, 1748, 69, - 1742, 1745, 1743, 1744, 69, 69, 1750, 1751, 1752, 69, - 1753, 69, 1754, 1758, 69, 1755, 69, 1746, 1756, 1996, - 69, 1757, 1759, 69, 1747, 1748, 69, 1996, 1760, 69, - 1766, 1767, 1764, 1750, 1751, 1752, 69, 1753, 69, 1754, - 1758, 69, 1755, 69, 1761, 1756, 69, 1762, 1757, 1759, - 1769, 69, 1765, 69, 69, 1760, 69, 69, 1767, 1764, - 1768, 69, 1770, 1771, 1772, 1776, 1773, 1996, 1775, 69, - 1774, 1761, 1780, 1778, 1762, 1777, 69, 69, 1779, 1765, - 69, 69, 69, 69, 1781, 69, 1782, 1768, 69, 1770, - - 1771, 1772, 1776, 69, 69, 1775, 1783, 69, 1784, 1780, - 1778, 1785, 1777, 1786, 69, 1779, 1789, 1788, 1787, 1790, - 69, 1781, 1792, 1782, 69, 69, 1791, 1793, 69, 1795, - 1794, 69, 69, 1783, 69, 1784, 69, 1798, 1785, 1797, - 69, 1799, 1796, 1801, 1788, 1787, 1790, 69, 69, 1792, - 69, 69, 1800, 1791, 1802, 69, 69, 1794, 69, 1803, - 1807, 69, 1805, 1804, 69, 69, 1797, 69, 1799, 1796, - 1801, 1806, 69, 1809, 1810, 69, 1811, 1808, 1813, 1800, - 1812, 1802, 69, 1816, 69, 69, 1803, 69, 1814, 1805, - 1804, 69, 1815, 1996, 1817, 69, 69, 1820, 1806, 1818, - - 69, 69, 69, 69, 1808, 69, 1819, 1812, 1821, 1822, - 1816, 69, 69, 1823, 1825, 1814, 1824, 69, 1826, 1815, - 69, 1817, 1827, 69, 69, 1829, 1818, 1830, 69, 1828, - 1832, 1831, 69, 1819, 1833, 69, 1822, 1836, 69, 1837, - 1823, 69, 69, 1824, 69, 1826, 1839, 1838, 69, 1827, - 1840, 69, 1829, 69, 1830, 69, 1828, 1832, 1831, 1834, - 1835, 1842, 1841, 1843, 69, 69, 69, 1844, 1845, 69, - 1846, 1847, 69, 69, 1838, 69, 1848, 1840, 1849, 1853, - 1850, 1852, 1854, 69, 1851, 1856, 1834, 1835, 1842, 1841, - 69, 69, 69, 69, 69, 69, 1855, 1846, 69, 69, - - 1857, 1861, 69, 1848, 69, 69, 69, 1850, 1852, 1854, - 1858, 1851, 69, 1859, 1860, 69, 69, 69, 1864, 1862, - 69, 1863, 69, 1855, 1865, 1866, 1867, 1857, 1861, 69, - 69, 1870, 69, 1868, 69, 1869, 69, 1858, 69, 1871, - 1859, 1860, 69, 1873, 1872, 1864, 1862, 1875, 1863, 1874, - 1876, 1865, 1866, 1867, 1878, 69, 1877, 1996, 69, 69, - 1868, 1879, 1869, 1882, 1881, 1883, 69, 69, 1884, 69, - 69, 1872, 69, 69, 69, 1880, 1874, 1876, 1885, 1889, - 1892, 69, 69, 1877, 69, 1886, 1887, 69, 1879, 69, - 1882, 1881, 69, 1888, 1890, 69, 1891, 1893, 69, 69, - - 69, 69, 1880, 1894, 69, 1885, 1889, 69, 1895, 1896, - 1897, 1900, 1886, 1887, 1898, 1899, 69, 1902, 1903, 1901, - 1888, 1890, 1904, 1891, 69, 69, 69, 69, 1908, 1996, - 69, 69, 1996, 1909, 1996, 1895, 69, 1897, 69, 1905, - 69, 1898, 1899, 69, 69, 1903, 1901, 69, 69, 1904, - 1906, 1907, 69, 1912, 1910, 1908, 69, 1911, 1913, 69, - 1909, 69, 69, 1914, 1915, 1916, 1905, 1918, 1919, 69, - 69, 69, 69, 69, 1920, 69, 69, 1906, 1907, 69, - 1912, 1910, 1921, 1922, 1911, 1913, 1917, 1923, 69, 1924, - 1914, 1915, 1916, 1925, 1918, 1919, 1926, 1928, 69, 1929, - - 69, 69, 1930, 1933, 1934, 1927, 1931, 1996, 1996, 1921, - 69, 69, 69, 1917, 69, 69, 1924, 69, 69, 1932, - 1925, 1943, 1936, 1926, 1935, 1996, 1929, 69, 69, 69, - 1937, 1938, 1927, 1931, 69, 69, 69, 69, 69, 1939, - 1940, 1941, 1942, 69, 69, 1945, 1932, 69, 1943, 1936, - 69, 1935, 1944, 69, 69, 69, 1946, 1937, 1938, 1947, - 1951, 1952, 1948, 1949, 1996, 1950, 1939, 1940, 1941, 1942, - 1954, 1996, 1945, 69, 69, 1953, 1956, 1996, 69, 1944, - 1996, 69, 69, 1946, 69, 69, 1947, 1959, 69, 1948, - 1949, 69, 1950, 1955, 1958, 69, 1957, 1954, 1960, 1962, - - 1964, 69, 1953, 1961, 69, 1963, 69, 69, 69, 69, - 1965, 69, 1966, 69, 1959, 1967, 1969, 1971, 69, 1996, - 1955, 1958, 69, 1957, 1968, 1960, 1962, 1964, 1996, 1972, - 1961, 69, 1963, 1973, 1996, 1975, 69, 1965, 69, 1966, - 1970, 69, 1967, 1969, 69, 1996, 69, 1974, 69, 69, - 1976, 1968, 1981, 69, 1977, 69, 1972, 69, 69, 1985, - 1973, 1978, 1975, 1979, 1980, 1982, 1996, 1970, 1984, 1986, - 1987, 69, 69, 69, 1974, 1988, 69, 1976, 69, 1981, - 1989, 1977, 1990, 69, 1991, 1983, 69, 1994, 1978, 69, - 1979, 1980, 1982, 69, 69, 1984, 1986, 69, 1995, 1996, - - 69, 1996, 69, 1996, 69, 1992, 69, 1989, 1993, 1990, - 1996, 1991, 1983, 69, 69, 1996, 69, 1996, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 69, 1996, 1996, 1996, 1996, - 1996, 1996, 1992, 1996, 1996, 1993, 41, 41, 41, 41, - 41, 41, 41, 46, 46, 46, 46, 46, 46, 46, - 51, 51, 51, 51, 51, 51, 51, 57, 57, 57, - 57, 57, 57, 57, 62, 62, 62, 62, 62, 62, - 62, 72, 72, 1996, 72, 72, 72, 72, 129, 129, - 1996, 1996, 1996, 129, 129, 131, 131, 1996, 1996, 131, - 1996, 131, 133, 1996, 1996, 1996, 1996, 1996, 133, 136, - - 136, 1996, 1996, 1996, 136, 136, 138, 1996, 1996, 1996, - 1996, 1996, 138, 140, 140, 1996, 140, 140, 140, 140, - 73, 73, 1996, 73, 73, 73, 73, 13, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, - 1996, 1996, 1996 - + 14, 14, 18, 20, 14, 21, 22, 23, 24, 14, + 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 14, 14, 14, 14, 40, + 20, 14, 21, 22, 23, 24, 14, 25, 26, 27, + 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, + 38, 39, 14, 14, 14, 14, 42, 43, 44, 42, + 43, 44, 47, 48, 47, 48, 49, 97, 49, 52, + 53, 54, 55, 805, 18, 52, 53, 54, 55, 69, + 18, 58, 59, 60, 58, 59, 60, 70, 131, 131, + + 68, 71, 87, 45, 97, 133, 45, 141, 133, 50, + 73, 50, 73, 73, 69, 73, 141, 56, 99, 138, + 138, 73, 88, 56, 139, 69, 75, 76, 61, 87, + 69, 61, 15, 16, 17, 63, 64, 65, 15, 16, + 17, 63, 64, 65, 77, 99, 89, 137, 74, 88, + 69, 91, 66, 75, 76, 78, 145, 107, 66, 92, + 90, 70, 79, 69, 990, 71, 80, 173, 98, 81, + 67, 77, 69, 89, 131, 131, 67, 69, 91, 66, + 69, 69, 78, 145, 107, 66, 92, 90, 93, 79, + 69, 94, 69, 80, 100, 98, 81, 82, 95, 69, + + 96, 83, 101, 136, 84, 197, 85, 86, 102, 134, + 104, 69, 103, 113, 105, 93, 147, 69, 94, 69, + 69, 100, 146, 69, 82, 95, 69, 96, 83, 101, + 106, 84, 197, 85, 86, 102, 69, 104, 114, 103, + 113, 105, 115, 147, 133, 69, 123, 133, 124, 146, + 179, 132, 116, 69, 126, 117, 157, 106, 108, 127, + 69, 69, 109, 125, 69, 114, 128, 69, 110, 115, + 129, 111, 69, 123, 130, 124, 151, 179, 112, 116, + 69, 126, 117, 157, 141, 108, 127, 138, 138, 109, + 125, 144, 69, 128, 69, 110, 208, 129, 111, 158, + + 897, 130, 69, 151, 141, 112, 118, 69, 68, 119, + 68, 68, 135, 68, 135, 135, 120, 135, 144, 68, + 121, 122, 73, 208, 73, 73, 158, 73, 69, 140, + 69, 140, 140, 118, 140, 68, 119, 68, 68, 73, + 68, 73, 73, 120, 73, 148, 68, 121, 122, 152, + 73, 161, 150, 153, 155, 156, 139, 159, 149, 154, + 143, 69, 69, 69, 69, 137, 162, 163, 166, 69, + 136, 357, 148, 69, 69, 160, 152, 74, 161, 150, + 153, 155, 156, 69, 167, 149, 154, 164, 165, 69, + 168, 69, 174, 162, 163, 166, 69, 69, 69, 180, + + 69, 134, 160, 69, 169, 175, 69, 170, 183, 177, + 182, 167, 69, 178, 164, 165, 181, 168, 184, 174, + 171, 172, 69, 188, 132, 176, 180, 69, 69, 69, + 69, 169, 175, 69, 170, 183, 177, 182, 69, 69, + 178, 185, 186, 181, 187, 184, 69, 171, 172, 69, + 188, 189, 176, 69, 190, 69, 192, 194, 191, 195, + 69, 193, 198, 69, 69, 196, 201, 202, 185, 186, + 69, 187, 2164, 69, 2164, 204, 69, 2164, 189, 2164, + 69, 190, 203, 192, 194, 191, 195, 69, 193, 198, + 199, 206, 196, 201, 200, 205, 207, 69, 2164, 69, + + 69, 69, 204, 69, 209, 211, 213, 69, 214, 203, + 2164, 212, 2164, 2164, 2164, 69, 2164, 199, 206, 2164, + 2164, 200, 205, 207, 215, 210, 69, 69, 216, 69, + 69, 209, 211, 213, 135, 214, 135, 135, 212, 135, + 140, 217, 140, 140, 73, 140, 73, 73, 141, 73, + 69, 215, 210, 218, 220, 216, 219, 221, 2164, 223, + 224, 225, 69, 222, 229, 69, 69, 226, 2164, 69, + 227, 2164, 228, 69, 238, 69, 2164, 258, 69, 2164, + 218, 220, 143, 219, 221, 69, 223, 224, 316, 240, + 222, 230, 69, 69, 226, 231, 69, 227, 69, 228, + + 69, 238, 239, 241, 242, 243, 246, 245, 69, 69, + 69, 69, 232, 2164, 244, 249, 240, 69, 69, 69, + 69, 2164, 231, 2164, 69, 69, 250, 251, 69, 239, + 241, 242, 243, 246, 245, 259, 69, 262, 2164, 232, + 233, 244, 249, 247, 256, 234, 248, 263, 69, 69, + 235, 69, 2164, 250, 251, 257, 236, 237, 69, 252, + 265, 69, 259, 69, 253, 69, 69, 233, 260, 69, + 247, 256, 234, 248, 263, 264, 254, 235, 255, 261, + 267, 69, 257, 236, 237, 69, 252, 266, 268, 2164, + 269, 253, 69, 2164, 270, 271, 274, 272, 273, 275, + + 69, 69, 264, 254, 69, 255, 261, 277, 69, 69, + 69, 284, 69, 276, 266, 287, 69, 269, 69, 69, + 69, 270, 271, 274, 272, 273, 275, 69, 279, 69, + 278, 280, 281, 282, 277, 291, 283, 289, 69, 69, + 276, 69, 69, 69, 285, 286, 290, 69, 294, 297, + 2164, 2164, 304, 69, 69, 279, 69, 278, 280, 281, + 282, 288, 69, 283, 289, 293, 69, 69, 69, 292, + 295, 285, 286, 290, 69, 294, 306, 69, 298, 300, + 69, 69, 301, 69, 69, 303, 302, 307, 288, 305, + 2164, 309, 293, 296, 69, 299, 292, 141, 311, 69, + + 69, 2164, 69, 69, 69, 298, 300, 313, 69, 301, + 308, 69, 303, 302, 307, 310, 305, 69, 309, 312, + 296, 69, 299, 69, 314, 311, 315, 317, 69, 318, + 320, 69, 319, 321, 313, 2164, 69, 308, 322, 325, + 323, 69, 310, 324, 327, 69, 312, 328, 330, 69, + 2164, 314, 69, 315, 317, 69, 318, 320, 69, 319, + 321, 69, 69, 69, 326, 322, 329, 323, 331, 332, + 324, 69, 334, 69, 328, 69, 69, 69, 69, 333, + 69, 335, 338, 337, 2164, 69, 69, 336, 69, 339, + 343, 326, 69, 329, 340, 331, 332, 2164, 69, 334, + + 342, 344, 345, 341, 2164, 69, 333, 69, 335, 338, + 337, 69, 69, 364, 336, 69, 339, 69, 350, 351, + 69, 340, 69, 346, 353, 69, 2164, 342, 344, 345, + 341, 347, 348, 354, 349, 2164, 69, 352, 69, 358, + 69, 69, 2164, 69, 359, 350, 351, 360, 69, 370, + 346, 353, 355, 356, 69, 361, 69, 362, 347, 348, + 354, 349, 366, 69, 352, 363, 358, 69, 365, 367, + 369, 359, 368, 372, 360, 69, 370, 69, 374, 355, + 356, 69, 361, 69, 362, 69, 371, 375, 69, 366, + 69, 526, 363, 373, 69, 365, 367, 369, 69, 368, + + 69, 376, 378, 380, 379, 69, 385, 377, 2164, 69, + 69, 2164, 389, 371, 375, 386, 69, 384, 69, 69, + 373, 2164, 381, 69, 390, 382, 69, 383, 376, 378, + 380, 379, 387, 69, 377, 69, 69, 69, 69, 389, + 388, 392, 386, 391, 384, 394, 69, 410, 402, 381, + 404, 390, 382, 403, 383, 405, 69, 393, 69, 387, + 69, 408, 2164, 406, 452, 69, 407, 388, 392, 141, + 391, 69, 394, 69, 69, 402, 409, 411, 69, 69, + 403, 69, 69, 69, 393, 395, 396, 412, 408, 413, + 406, 452, 2164, 407, 69, 397, 69, 398, 399, 400, + + 2164, 415, 401, 409, 411, 414, 416, 417, 418, 421, + 69, 2164, 395, 396, 412, 69, 413, 69, 69, 419, + 423, 424, 397, 69, 398, 399, 400, 420, 415, 401, + 427, 69, 414, 416, 69, 418, 422, 69, 69, 69, + 69, 69, 428, 69, 425, 426, 419, 423, 424, 429, + 431, 430, 2164, 69, 420, 2164, 432, 427, 435, 433, + 69, 2164, 441, 422, 69, 2164, 2164, 69, 436, 428, + 440, 444, 443, 69, 434, 69, 429, 431, 430, 69, + 437, 69, 69, 432, 69, 435, 433, 442, 69, 441, + 69, 438, 446, 439, 445, 436, 450, 440, 69, 443, + + 69, 434, 447, 69, 448, 449, 451, 437, 453, 454, + 69, 2164, 69, 69, 442, 455, 476, 457, 438, 446, + 439, 445, 69, 450, 456, 69, 69, 458, 69, 447, + 69, 448, 449, 451, 69, 453, 461, 459, 69, 69, + 460, 69, 455, 462, 457, 69, 463, 464, 69, 465, + 2164, 456, 69, 69, 458, 69, 466, 2164, 468, 69, + 467, 469, 2164, 461, 459, 470, 69, 460, 69, 69, + 462, 471, 69, 463, 464, 69, 465, 69, 507, 69, + 480, 475, 69, 466, 477, 468, 69, 467, 469, 474, + 478, 472, 470, 473, 69, 481, 69, 479, 471, 69, + + 69, 482, 69, 483, 69, 507, 485, 480, 475, 486, + 69, 477, 69, 523, 489, 488, 474, 478, 472, 69, + 473, 69, 69, 491, 479, 69, 484, 69, 482, 487, + 2164, 69, 490, 485, 69, 69, 486, 69, 492, 493, + 523, 489, 488, 501, 69, 69, 502, 69, 500, 69, + 491, 69, 503, 484, 505, 69, 487, 69, 2164, 490, + 509, 506, 504, 2164, 510, 492, 493, 494, 69, 508, + 501, 69, 495, 502, 496, 500, 69, 2164, 69, 2164, + 511, 505, 497, 521, 69, 498, 69, 509, 506, 504, + 512, 510, 499, 69, 494, 69, 508, 513, 514, 495, + + 515, 496, 69, 69, 518, 69, 517, 511, 516, 497, + 525, 519, 498, 520, 69, 69, 69, 512, 527, 499, + 524, 529, 69, 2164, 513, 514, 69, 515, 522, 69, + 528, 518, 69, 517, 69, 516, 141, 525, 519, 530, + 520, 531, 533, 69, 532, 69, 534, 524, 535, 537, + 69, 536, 541, 69, 69, 522, 69, 528, 538, 69, + 69, 542, 544, 539, 69, 69, 530, 540, 531, 533, + 69, 532, 543, 534, 545, 535, 537, 546, 536, 69, + 547, 69, 2164, 548, 549, 551, 69, 550, 69, 69, + 69, 552, 69, 553, 540, 557, 2164, 555, 2164, 558, + + 2164, 69, 559, 2164, 69, 69, 69, 547, 69, 69, + 548, 549, 551, 554, 550, 69, 69, 564, 556, 69, + 553, 69, 69, 69, 555, 69, 558, 69, 560, 559, + 563, 566, 565, 561, 567, 568, 569, 562, 2164, 69, + 554, 69, 571, 69, 564, 556, 2164, 570, 69, 572, + 2164, 574, 69, 69, 582, 560, 69, 563, 566, 565, + 561, 567, 568, 575, 562, 69, 69, 2164, 69, 571, + 576, 573, 69, 69, 570, 577, 572, 578, 574, 581, + 580, 69, 579, 2164, 583, 69, 69, 587, 584, 69, + 575, 69, 585, 589, 69, 586, 69, 576, 573, 69, + + 69, 590, 577, 592, 578, 69, 581, 580, 588, 579, + 591, 583, 69, 2164, 587, 584, 69, 69, 593, 585, + 596, 69, 586, 69, 594, 69, 598, 69, 590, 595, + 592, 2164, 597, 599, 69, 588, 600, 601, 603, 2164, + 69, 69, 69, 605, 604, 593, 69, 596, 606, 2164, + 607, 2164, 602, 69, 69, 608, 69, 69, 69, 597, + 599, 69, 609, 600, 601, 603, 69, 611, 617, 2164, + 610, 604, 612, 616, 613, 69, 69, 607, 69, 602, + 614, 69, 608, 69, 615, 2164, 69, 69, 69, 609, + 618, 69, 69, 621, 611, 617, 69, 610, 620, 612, + + 616, 613, 69, 619, 622, 69, 69, 614, 623, 2164, + 624, 615, 69, 625, 2164, 626, 69, 618, 69, 628, + 621, 629, 2164, 630, 632, 620, 2164, 627, 2164, 2164, + 619, 69, 69, 631, 633, 623, 69, 624, 69, 69, + 625, 69, 626, 69, 69, 634, 628, 69, 629, 635, + 630, 632, 636, 637, 627, 638, 69, 640, 645, 639, + 631, 633, 69, 641, 69, 69, 642, 643, 650, 644, + 69, 69, 634, 2164, 69, 69, 635, 69, 2164, 636, + 637, 69, 638, 648, 640, 645, 639, 646, 141, 649, + 641, 69, 69, 642, 643, 647, 644, 69, 651, 655, + + 69, 69, 653, 652, 2164, 69, 654, 2164, 656, 657, + 648, 665, 672, 69, 646, 69, 649, 69, 69, 658, + 668, 69, 647, 69, 666, 651, 69, 69, 670, 653, + 652, 69, 659, 654, 69, 656, 657, 2164, 665, 69, + 2164, 69, 669, 667, 69, 671, 658, 668, 2164, 707, + 2164, 666, 681, 680, 69, 670, 685, 682, 69, 659, + 660, 69, 684, 2164, 661, 69, 69, 662, 686, 669, + 667, 69, 671, 687, 663, 69, 683, 664, 69, 681, + 680, 69, 69, 69, 682, 688, 69, 660, 69, 684, + 691, 661, 689, 690, 662, 686, 2164, 69, 694, 69, + + 687, 663, 692, 683, 664, 673, 674, 2164, 675, 693, + 2164, 676, 688, 69, 69, 69, 677, 691, 69, 689, + 690, 696, 678, 679, 69, 694, 699, 698, 69, 692, + 700, 69, 673, 674, 69, 675, 693, 695, 676, 697, + 704, 708, 69, 677, 703, 69, 69, 69, 696, 678, + 679, 702, 69, 699, 698, 701, 705, 700, 706, 69, + 69, 720, 69, 709, 695, 710, 697, 704, 69, 711, + 712, 703, 713, 69, 715, 717, 714, 718, 702, 2164, + 69, 69, 701, 69, 2164, 706, 69, 69, 69, 69, + 709, 719, 710, 69, 69, 69, 711, 712, 69, 713, + + 716, 715, 69, 714, 718, 721, 722, 723, 69, 725, + 69, 724, 729, 69, 727, 726, 730, 728, 719, 69, + 734, 733, 2164, 2164, 69, 69, 2164, 716, 69, 69, + 69, 69, 721, 722, 723, 69, 725, 731, 724, 729, + 69, 727, 726, 730, 728, 732, 69, 69, 733, 735, + 737, 736, 738, 739, 743, 69, 69, 741, 69, 69, + 740, 69, 742, 69, 731, 745, 744, 69, 749, 747, + 748, 746, 732, 69, 69, 69, 735, 737, 736, 738, + 739, 743, 69, 69, 741, 69, 69, 740, 752, 742, + 751, 69, 745, 744, 750, 69, 747, 748, 746, 753, + + 754, 69, 755, 69, 2164, 759, 758, 756, 761, 760, + 69, 69, 764, 765, 762, 757, 763, 751, 2164, 767, + 69, 750, 69, 69, 769, 69, 69, 754, 69, 755, + 766, 69, 759, 758, 756, 69, 760, 69, 69, 764, + 69, 762, 757, 763, 768, 69, 69, 770, 772, 771, + 774, 141, 773, 69, 775, 69, 69, 766, 776, 69, + 784, 69, 2164, 69, 69, 791, 785, 2164, 2164, 783, + 792, 768, 69, 2164, 770, 772, 771, 774, 69, 773, + 786, 775, 69, 69, 789, 776, 777, 784, 778, 787, + 788, 2164, 779, 785, 780, 69, 783, 69, 2164, 781, + + 794, 790, 69, 798, 782, 793, 69, 786, 795, 799, + 69, 789, 69, 777, 69, 778, 787, 788, 69, 779, + 69, 780, 69, 69, 796, 69, 781, 794, 790, 801, + 798, 782, 793, 800, 797, 795, 799, 802, 803, 69, + 804, 812, 69, 2164, 2164, 2164, 69, 811, 821, 2164, + 816, 796, 813, 2164, 814, 2164, 801, 815, 69, 823, + 800, 797, 69, 69, 802, 69, 817, 69, 812, 69, + 69, 806, 69, 818, 811, 69, 807, 816, 808, 813, + 819, 814, 820, 69, 815, 69, 69, 822, 69, 809, + 69, 69, 826, 817, 824, 827, 810, 69, 806, 2164, + + 818, 2164, 828, 807, 825, 808, 69, 819, 830, 820, + 69, 832, 69, 841, 822, 831, 809, 829, 69, 826, + 2164, 824, 69, 810, 69, 69, 69, 69, 833, 828, + 835, 825, 834, 69, 836, 830, 837, 2164, 832, 2164, + 69, 69, 831, 838, 829, 69, 69, 839, 840, 69, + 69, 842, 69, 850, 843, 833, 845, 835, 844, 834, + 846, 836, 69, 837, 69, 69, 69, 69, 69, 847, + 838, 848, 849, 851, 839, 840, 862, 853, 842, 69, + 850, 843, 69, 845, 854, 844, 852, 846, 69, 855, + 69, 69, 856, 69, 2164, 857, 847, 858, 848, 849, + + 69, 859, 860, 861, 853, 69, 865, 864, 69, 69, + 863, 871, 69, 852, 69, 69, 69, 69, 69, 856, + 866, 69, 857, 868, 858, 867, 869, 2164, 859, 860, + 861, 69, 69, 865, 864, 872, 69, 863, 871, 870, + 873, 874, 69, 882, 2164, 69, 69, 866, 69, 876, + 868, 875, 867, 869, 69, 877, 878, 880, 69, 881, + 2164, 69, 872, 879, 69, 69, 870, 873, 69, 69, + 883, 69, 884, 69, 886, 69, 876, 887, 875, 69, + 885, 888, 877, 878, 880, 889, 881, 890, 891, 69, + 879, 892, 69, 69, 69, 893, 69, 883, 69, 884, + + 69, 886, 894, 895, 887, 896, 899, 885, 888, 901, + 69, 69, 898, 69, 903, 891, 69, 69, 892, 69, + 69, 69, 69, 900, 69, 904, 902, 69, 905, 894, + 895, 69, 896, 899, 69, 69, 901, 69, 906, 898, + 907, 903, 908, 2164, 2164, 2164, 909, 911, 912, 2164, + 900, 2164, 904, 902, 910, 905, 913, 919, 915, 916, + 69, 69, 2164, 2164, 69, 914, 69, 927, 917, 908, + 69, 69, 69, 909, 911, 912, 69, 69, 69, 69, + 69, 910, 918, 913, 69, 915, 916, 920, 921, 922, + 69, 923, 914, 69, 927, 917, 932, 69, 69, 928, + + 69, 2164, 929, 931, 935, 69, 924, 933, 2164, 918, + 69, 930, 69, 934, 920, 921, 922, 925, 923, 936, + 926, 69, 69, 932, 69, 69, 928, 69, 69, 929, + 931, 935, 938, 924, 933, 69, 940, 937, 930, 939, + 934, 69, 942, 941, 925, 69, 936, 926, 943, 946, + 69, 944, 945, 2164, 69, 69, 948, 69, 954, 69, + 69, 949, 69, 940, 937, 69, 939, 69, 947, 942, + 941, 69, 950, 951, 69, 943, 946, 2164, 944, 945, + 69, 955, 69, 948, 69, 952, 953, 956, 949, 957, + 69, 968, 69, 958, 69, 947, 69, 962, 960, 950, + + 951, 965, 959, 961, 69, 69, 69, 964, 955, 963, + 2164, 966, 952, 953, 956, 69, 957, 69, 969, 967, + 958, 69, 69, 69, 962, 69, 970, 69, 965, 959, + 69, 971, 972, 973, 964, 974, 963, 69, 966, 976, + 975, 977, 979, 978, 69, 969, 967, 69, 69, 69, + 980, 69, 981, 970, 69, 69, 69, 69, 971, 972, + 973, 69, 974, 69, 982, 983, 976, 975, 977, 979, + 978, 2164, 992, 2164, 991, 2164, 995, 2164, 996, 989, + 994, 2164, 69, 997, 69, 993, 69, 2164, 69, 69, + 69, 982, 983, 984, 69, 69, 998, 69, 985, 992, + + 986, 991, 987, 995, 988, 69, 989, 994, 999, 69, + 69, 69, 993, 1000, 1001, 1002, 1004, 1003, 2164, 1008, + 984, 69, 1006, 998, 69, 985, 69, 986, 69, 987, + 69, 988, 1007, 69, 69, 999, 1005, 1010, 1009, 1012, + 1000, 1001, 1002, 1004, 1003, 69, 69, 1011, 1013, 1006, + 69, 1014, 1016, 1015, 69, 1017, 69, 1019, 2164, 1007, + 69, 69, 1018, 1005, 69, 1009, 1012, 1022, 69, 1020, + 1021, 69, 1024, 1023, 1011, 1013, 69, 69, 69, 69, + 1015, 1025, 1017, 1026, 69, 1027, 69, 1028, 1029, 1018, + 69, 1030, 69, 1032, 1022, 69, 1020, 1021, 69, 1024, + + 1023, 69, 1031, 1033, 69, 69, 1035, 1034, 1025, 1036, + 1026, 1037, 1027, 1039, 1028, 69, 1040, 69, 69, 1038, + 69, 69, 69, 69, 69, 69, 69, 1044, 1043, 1031, + 1033, 1041, 1045, 1035, 1034, 69, 69, 1042, 1037, 1047, + 1039, 1046, 69, 1050, 69, 69, 1038, 1051, 69, 1048, + 69, 1049, 69, 69, 1044, 1043, 69, 1052, 1041, 1045, + 1054, 2164, 1058, 1053, 1042, 69, 1047, 69, 1046, 69, + 1050, 1055, 1056, 1059, 1051, 1060, 1048, 1057, 1049, 69, + 69, 1063, 69, 1061, 69, 1066, 1062, 1054, 69, 1058, + 1053, 1064, 69, 1065, 2164, 69, 1067, 1069, 1055, 1068, + + 1059, 1077, 1060, 69, 69, 69, 69, 1072, 1063, 69, + 1061, 1070, 69, 1062, 1075, 69, 69, 69, 1064, 69, + 1065, 1071, 1073, 1067, 1069, 1074, 1068, 1076, 1077, 69, + 69, 69, 69, 1079, 1072, 1078, 69, 69, 1070, 1080, + 2164, 1075, 1083, 1081, 2164, 1082, 69, 1084, 1071, 1073, + 69, 69, 1074, 69, 1076, 69, 1085, 1087, 1090, 1086, + 1079, 1088, 1078, 1093, 69, 1089, 1080, 69, 69, 1083, + 1081, 1092, 1082, 1094, 1084, 69, 1091, 69, 69, 69, + 1095, 1097, 69, 1085, 1087, 1090, 1086, 69, 1088, 1096, + 1098, 1099, 1089, 69, 1103, 69, 2164, 1101, 1092, 1102, + + 2164, 1100, 69, 1091, 1108, 69, 69, 1095, 69, 69, + 69, 69, 69, 69, 1112, 69, 1096, 1098, 1099, 69, + 1104, 1103, 1106, 1115, 1101, 1105, 1102, 1107, 1100, 1109, + 1110, 1108, 1111, 1113, 69, 1114, 1116, 69, 69, 1117, + 69, 2164, 2164, 69, 69, 1118, 69, 69, 1124, 1125, + 1115, 1121, 69, 69, 69, 1119, 1109, 1110, 1123, 1111, + 1113, 1120, 1114, 69, 69, 1122, 1117, 2164, 69, 69, + 69, 69, 1118, 69, 69, 1124, 1125, 1127, 1121, 1126, + 1128, 1130, 1119, 1131, 1132, 1123, 1129, 1138, 1120, 1144, + 1136, 2164, 1122, 1139, 69, 69, 2164, 69, 69, 1133, + + 2164, 69, 69, 1134, 69, 1140, 1126, 1128, 1130, 69, + 1131, 1132, 1137, 1129, 69, 69, 1135, 1136, 1141, 1145, + 1139, 69, 1142, 69, 69, 69, 1133, 1143, 69, 1146, + 1134, 69, 1140, 1147, 69, 1148, 1149, 1150, 69, 1137, + 1151, 2164, 1152, 1135, 2164, 1141, 69, 1153, 1158, 1142, + 1154, 1155, 1157, 69, 1143, 69, 1146, 1156, 2164, 69, + 1147, 69, 1148, 69, 69, 69, 1160, 69, 69, 1152, + 69, 69, 1161, 1159, 1153, 1158, 69, 1154, 1155, 1157, + 1162, 2164, 1163, 1164, 1156, 69, 1165, 69, 69, 1166, + 1167, 1169, 1168, 69, 1170, 69, 1172, 2164, 69, 1161, + + 1159, 2164, 69, 69, 1173, 1181, 2164, 1162, 69, 1163, + 1164, 1171, 69, 1165, 69, 1176, 1166, 1167, 69, 1168, + 1174, 1170, 69, 1172, 69, 1175, 69, 69, 1177, 1178, + 2164, 1173, 69, 69, 1179, 1180, 69, 69, 1171, 1182, + 1183, 1184, 1176, 1185, 2164, 2164, 69, 1174, 1187, 1191, + 69, 1189, 1175, 1190, 69, 1177, 1178, 69, 69, 69, + 1193, 1179, 1180, 1186, 1188, 1199, 1182, 69, 1184, 69, + 69, 69, 69, 1192, 1194, 1187, 1191, 69, 1189, 69, + 1190, 1195, 1200, 1196, 69, 69, 1197, 1193, 69, 69, + 1186, 1188, 1202, 1201, 1203, 1205, 69, 69, 1198, 1204, + + 1192, 1194, 1206, 1207, 69, 1210, 1212, 69, 1195, 1200, + 1196, 69, 69, 1197, 69, 1209, 1208, 1211, 1214, 1202, + 1201, 1203, 69, 69, 69, 1198, 1204, 69, 69, 1206, + 1207, 1213, 1215, 1216, 2164, 69, 1220, 69, 69, 69, + 69, 1217, 1209, 1208, 1211, 1214, 1218, 1219, 1221, 69, + 69, 1222, 1224, 69, 69, 69, 1223, 2164, 1213, 69, + 1216, 69, 1225, 1220, 1226, 1229, 69, 1227, 1217, 69, + 69, 69, 1230, 1218, 1219, 1221, 1228, 1233, 1222, 69, + 69, 1232, 69, 1223, 69, 1231, 1239, 1234, 69, 1225, + 1235, 1226, 69, 69, 1227, 1236, 2164, 69, 1240, 1230, + + 1241, 1243, 1242, 1228, 1233, 69, 69, 69, 1232, 69, + 1244, 1237, 1231, 1239, 1234, 1246, 1238, 1235, 1248, 1245, + 1252, 1249, 1236, 69, 1251, 69, 69, 69, 1243, 1242, + 69, 1247, 69, 69, 1250, 1254, 69, 1244, 1237, 69, + 1256, 1255, 1246, 1238, 1253, 1248, 1245, 69, 1249, 69, + 69, 69, 69, 69, 1257, 1258, 69, 1259, 1247, 69, + 1260, 1250, 1254, 1261, 1262, 69, 1264, 1256, 1255, 69, + 69, 1253, 1265, 1270, 1263, 69, 1267, 1272, 1271, 1268, + 1274, 1257, 1258, 1276, 1259, 1279, 1266, 1260, 69, 69, + 1261, 1262, 69, 1264, 69, 1269, 1275, 2164, 69, 1265, + + 1277, 1263, 1273, 1267, 69, 69, 1268, 1278, 1283, 69, + 1280, 69, 69, 1266, 69, 69, 69, 69, 69, 1281, + 1284, 69, 1269, 1275, 69, 1282, 1285, 1277, 1287, 1273, + 1288, 1289, 1286, 1291, 1278, 1283, 69, 1280, 1293, 69, + 69, 69, 69, 69, 1292, 1290, 1281, 1284, 1294, 1297, + 1300, 69, 1282, 1285, 69, 1287, 1295, 1296, 1289, 1286, + 69, 69, 69, 1311, 1298, 1293, 1307, 69, 69, 1299, + 69, 1292, 1290, 1301, 1302, 1294, 1297, 69, 69, 69, + 1303, 69, 1304, 1295, 1296, 1305, 69, 1308, 1313, 1310, + 69, 1298, 1306, 69, 69, 69, 1299, 69, 69, 69, + + 1301, 1302, 69, 1312, 1309, 1315, 1314, 1303, 1316, 1304, + 69, 1317, 1305, 69, 1308, 69, 1310, 1318, 1319, 1306, + 2164, 1323, 1324, 69, 1320, 69, 69, 69, 69, 69, + 1312, 1309, 1315, 1314, 1321, 69, 1322, 69, 1317, 69, + 1325, 2164, 69, 69, 1318, 1319, 1326, 1327, 1323, 1324, + 1329, 1320, 69, 1331, 1330, 1335, 1332, 69, 69, 1336, + 1328, 1321, 69, 1322, 1333, 69, 69, 1325, 69, 1337, + 69, 1334, 1338, 1326, 1327, 1340, 69, 1329, 1339, 69, + 69, 1330, 1335, 1341, 69, 1342, 69, 1328, 69, 1343, + 1344, 1333, 1345, 1346, 1348, 2164, 1337, 1349, 1334, 69, + + 1350, 69, 69, 1351, 2164, 1339, 69, 1347, 2164, 69, + 1341, 1358, 2164, 69, 2164, 1360, 1343, 69, 69, 1345, + 1361, 1348, 69, 1364, 69, 69, 69, 1350, 1362, 1352, + 1353, 1354, 1356, 1357, 1347, 69, 1355, 1370, 1359, 69, + 69, 69, 1363, 69, 69, 69, 1366, 69, 69, 1369, + 69, 1365, 69, 1371, 1367, 1362, 1352, 1353, 1354, 1356, + 1357, 69, 1368, 1355, 69, 1359, 1373, 69, 1372, 1363, + 1374, 69, 69, 1366, 69, 69, 1369, 1378, 1365, 1375, + 1371, 1367, 69, 1376, 1377, 69, 1379, 69, 1382, 1368, + 1381, 1380, 1385, 69, 1384, 1372, 1386, 1374, 1383, 69, + + 1387, 69, 69, 69, 1378, 69, 1375, 1388, 1389, 1390, + 1376, 1377, 69, 1379, 69, 1391, 69, 1381, 1380, 1393, + 69, 1384, 1392, 69, 69, 1383, 69, 69, 69, 69, + 1394, 1395, 69, 1396, 1388, 1389, 1390, 69, 1397, 69, + 1398, 1401, 1391, 69, 1400, 1404, 1393, 1402, 1406, 1392, + 69, 1405, 69, 69, 1403, 69, 1399, 1394, 1395, 69, + 1396, 1409, 1413, 69, 1410, 1397, 69, 1398, 1401, 69, + 69, 1400, 1404, 1411, 1402, 69, 1414, 69, 1405, 1407, + 1412, 1403, 1417, 1399, 1408, 1415, 69, 69, 69, 1419, + 1416, 1410, 1418, 69, 69, 69, 1420, 1421, 1422, 1424, + + 1411, 69, 1425, 69, 69, 1423, 1407, 1412, 1426, 1427, + 1430, 1408, 69, 69, 69, 1428, 1419, 69, 1431, 1418, + 69, 69, 1429, 1432, 1421, 1422, 1424, 1434, 69, 1436, + 69, 1433, 1423, 1435, 69, 1426, 69, 1430, 69, 1438, + 1437, 69, 1428, 1439, 1440, 69, 69, 1441, 1442, 1429, + 69, 69, 2164, 1444, 69, 1445, 1436, 69, 1433, 69, + 1435, 69, 69, 69, 1443, 69, 1438, 1437, 69, 1447, + 1439, 1440, 1446, 69, 1441, 1442, 1448, 1449, 1450, 69, + 69, 1451, 1445, 69, 1452, 1454, 1456, 69, 1453, 69, + 2164, 1443, 1458, 1455, 69, 69, 69, 1457, 1459, 1446, + + 1460, 69, 1461, 1448, 1449, 1450, 69, 69, 1451, 1464, + 69, 1452, 69, 1456, 1463, 1453, 69, 69, 69, 1458, + 1455, 1462, 69, 1465, 1457, 1459, 69, 1460, 2164, 69, + 1466, 1468, 69, 1467, 1469, 1470, 1464, 1472, 2164, 1473, + 69, 1463, 2164, 1471, 69, 1475, 1479, 69, 1462, 1474, + 2164, 69, 1486, 1476, 69, 69, 69, 1466, 1468, 69, + 1467, 69, 1470, 69, 1472, 69, 1473, 69, 69, 1477, + 1471, 1478, 1475, 1479, 1483, 1480, 1474, 69, 1481, 1486, + 1476, 69, 1484, 1487, 69, 1485, 69, 69, 2164, 69, + 1490, 1482, 69, 1488, 1489, 2164, 1477, 1491, 1478, 69, + + 1492, 1483, 1480, 1493, 1496, 1481, 1495, 69, 69, 1484, + 1487, 2164, 1485, 69, 69, 69, 1497, 1490, 1482, 1498, + 1488, 1489, 69, 1499, 1491, 1494, 69, 1492, 69, 69, + 69, 1496, 69, 1495, 1501, 1500, 1502, 1503, 69, 2164, + 1504, 69, 69, 1497, 1506, 1505, 1498, 1507, 1511, 1508, + 1499, 69, 1494, 69, 1510, 1512, 1509, 69, 69, 69, + 1513, 69, 1500, 1502, 1503, 1515, 69, 1504, 69, 1514, + 1519, 1506, 1505, 1516, 69, 69, 1508, 69, 1521, 1524, + 69, 1510, 1512, 1509, 69, 69, 1517, 1513, 1520, 1518, + 1522, 69, 1515, 2164, 69, 69, 1514, 1519, 1525, 69, + + 1516, 69, 1527, 1523, 69, 69, 1524, 1526, 69, 69, + 1528, 1529, 1530, 1517, 1531, 1520, 1518, 1522, 69, 69, + 69, 69, 69, 1535, 1532, 1525, 1533, 1534, 69, 1527, + 1523, 1536, 1537, 69, 1526, 69, 69, 1528, 1529, 1530, + 1538, 1531, 1539, 1541, 1540, 69, 1546, 1542, 69, 69, + 69, 1532, 1543, 1533, 1534, 1544, 1545, 69, 1536, 69, + 2164, 1547, 1549, 69, 1550, 69, 69, 1538, 1551, 1539, + 1541, 1540, 1553, 69, 69, 1548, 1554, 1552, 1555, 69, + 69, 69, 1544, 1545, 1556, 1557, 1558, 69, 1547, 1549, + 1559, 69, 69, 1561, 69, 1551, 1560, 69, 69, 1553, + + 69, 1567, 1548, 1564, 1552, 1555, 1562, 69, 69, 69, + 69, 69, 1557, 1558, 1563, 69, 1568, 1559, 1565, 1569, + 1561, 1566, 1570, 1560, 2164, 69, 69, 69, 69, 1572, + 1564, 69, 69, 1562, 1571, 69, 1574, 69, 1578, 69, + 69, 1563, 1573, 1568, 69, 1565, 1569, 1576, 1566, 1570, + 69, 1575, 1577, 69, 69, 69, 1572, 1581, 69, 1580, + 1579, 1571, 1583, 1574, 1582, 1578, 69, 1584, 1585, 1573, + 1586, 69, 1587, 1588, 1576, 1591, 69, 2164, 1575, 1577, + 69, 1589, 69, 1594, 69, 1595, 1580, 1579, 69, 1583, + 1590, 1582, 1596, 69, 1584, 1585, 69, 1586, 1598, 69, + + 69, 69, 1591, 1592, 69, 1597, 1593, 1599, 1589, 1600, + 69, 1601, 69, 69, 1602, 1603, 69, 1590, 1604, 69, + 1605, 69, 1607, 69, 1610, 69, 1608, 69, 1611, 1606, + 1592, 1609, 1597, 1593, 1599, 69, 69, 69, 69, 1613, + 69, 1602, 1603, 1612, 1617, 1604, 1621, 69, 69, 69, + 1615, 1610, 69, 1608, 69, 1611, 1606, 1614, 1609, 1616, + 1619, 1618, 69, 1620, 69, 69, 69, 69, 69, 69, + 1612, 69, 1622, 1621, 1623, 69, 1624, 1615, 1625, 1629, + 1626, 1631, 69, 1628, 1614, 69, 1616, 1619, 1618, 1630, + 1620, 1627, 69, 1632, 2164, 1642, 69, 69, 1634, 69, + + 69, 1623, 1633, 69, 69, 1625, 1629, 1626, 1631, 69, + 1628, 1635, 69, 1636, 69, 69, 1630, 69, 1627, 1637, + 1632, 1638, 1643, 1641, 1639, 1634, 1640, 69, 1646, 1633, + 1644, 1647, 1655, 69, 1645, 69, 69, 69, 1635, 1648, + 1636, 69, 69, 69, 69, 69, 1637, 1649, 1638, 1643, + 1641, 1639, 69, 1640, 69, 1646, 1652, 1644, 1653, 1655, + 1650, 1645, 1651, 69, 1654, 69, 1648, 69, 69, 1656, + 1657, 1658, 1661, 1659, 1649, 1660, 69, 1662, 1664, 69, + 69, 1663, 1665, 1652, 69, 1653, 1667, 1650, 1666, 1651, + 69, 1654, 1668, 69, 69, 1671, 1656, 1657, 1658, 69, + + 1659, 69, 1660, 69, 69, 1669, 1670, 69, 1663, 69, + 69, 1672, 69, 1667, 69, 1666, 1673, 1674, 69, 1668, + 1675, 69, 1671, 1676, 1677, 1679, 1678, 1681, 1680, 1682, + 69, 69, 1669, 1670, 69, 69, 1683, 1684, 1672, 69, + 69, 1687, 69, 1673, 69, 1685, 69, 1675, 69, 69, + 1676, 1677, 1679, 1678, 1681, 1680, 69, 69, 1686, 1688, + 2164, 69, 1689, 1683, 1684, 1691, 1690, 2164, 1693, 69, + 1692, 1695, 1685, 69, 1694, 1696, 2164, 1697, 69, 69, + 69, 1698, 1699, 1700, 69, 1686, 1688, 69, 1701, 1689, + 1702, 69, 1691, 1690, 69, 1693, 1703, 1692, 69, 69, + + 69, 1694, 1696, 69, 1697, 1705, 1704, 69, 1698, 69, + 69, 69, 1708, 1706, 1707, 1710, 69, 1702, 1709, 1711, + 69, 69, 1712, 1703, 1713, 2164, 1714, 69, 69, 69, + 1715, 1717, 1705, 1704, 69, 1718, 69, 1716, 1720, 69, + 1706, 1707, 1719, 1721, 1722, 1709, 1711, 69, 69, 1712, + 1723, 69, 69, 1714, 1725, 69, 69, 69, 1717, 69, + 69, 1724, 1718, 69, 1716, 1720, 1726, 1727, 1728, 1719, + 69, 69, 1729, 1731, 1730, 1732, 69, 69, 2164, 1733, + 69, 1725, 69, 69, 1734, 69, 1739, 69, 1724, 1736, + 1747, 1735, 69, 1726, 1727, 1728, 69, 69, 69, 1729, + + 1731, 1730, 69, 69, 1737, 1740, 1733, 69, 1738, 1742, + 1741, 1734, 69, 1739, 69, 1744, 1736, 69, 1735, 69, + 1743, 69, 1745, 69, 69, 1748, 1746, 2164, 1749, 1750, + 1751, 1737, 1740, 1752, 1753, 1738, 1742, 1741, 69, 69, + 69, 1756, 1744, 69, 69, 1754, 69, 1743, 69, 1745, + 69, 1755, 69, 1746, 69, 1749, 1750, 1751, 69, 69, + 1752, 1753, 1757, 1760, 1758, 2164, 1759, 1761, 1756, 69, + 1762, 1764, 1754, 69, 1768, 1763, 1769, 1765, 1755, 69, + 1770, 1771, 69, 69, 1775, 69, 69, 1766, 1767, 1757, + 69, 1758, 69, 1759, 1761, 69, 69, 1762, 1764, 69, + + 1772, 1768, 1763, 69, 1765, 1773, 69, 69, 1774, 69, + 1780, 1775, 1776, 69, 1766, 1767, 69, 69, 1777, 69, + 1778, 1779, 1781, 1782, 1785, 69, 1783, 1772, 69, 69, + 1784, 69, 1773, 69, 1787, 1774, 1788, 1780, 1792, 1776, + 1786, 1789, 69, 69, 1790, 1777, 69, 1778, 1779, 1781, + 1782, 69, 69, 1783, 69, 1791, 69, 1784, 1793, 1794, + 1795, 1787, 1796, 69, 69, 69, 1797, 1786, 1789, 1798, + 69, 1790, 69, 1799, 2164, 1800, 1801, 1803, 69, 2164, + 1802, 69, 1791, 1804, 1805, 1793, 69, 69, 1812, 1796, + 1806, 69, 1809, 69, 69, 69, 1798, 1807, 69, 1810, + + 69, 69, 1800, 1801, 1803, 69, 69, 1802, 1808, 1813, + 1804, 1805, 1814, 1811, 69, 69, 69, 1806, 1816, 1809, + 69, 69, 1815, 2164, 1807, 69, 1810, 1818, 1820, 1817, + 1819, 1821, 69, 1822, 1826, 1808, 69, 1825, 1823, 1814, + 1811, 2164, 69, 1824, 69, 1827, 1852, 69, 1831, 1815, + 69, 69, 1828, 69, 1818, 69, 1817, 1819, 69, 69, + 1822, 1830, 1829, 1832, 1825, 1835, 69, 69, 69, 1833, + 69, 1834, 1827, 69, 69, 1831, 1838, 1836, 69, 1828, + 69, 1839, 1841, 1837, 69, 69, 69, 69, 1830, 1829, + 1832, 1840, 1835, 1842, 69, 69, 1833, 69, 1834, 69, + + 69, 69, 1845, 1838, 1836, 1843, 1844, 1846, 1839, 1841, + 1837, 1848, 69, 1847, 69, 69, 1849, 69, 1840, 1850, + 1842, 1851, 1853, 69, 1856, 1855, 1854, 69, 1859, 69, + 1861, 69, 1843, 1844, 1846, 1858, 1857, 1862, 1848, 2164, + 1847, 69, 69, 69, 69, 69, 1850, 69, 1851, 69, + 69, 1856, 1855, 1854, 1860, 1859, 69, 1861, 69, 1865, + 1863, 1864, 1858, 1857, 69, 1866, 69, 69, 69, 1867, + 1868, 1869, 1870, 1871, 1873, 1874, 1872, 1880, 1875, 1876, + 2164, 1860, 69, 1879, 1877, 69, 1865, 1863, 1864, 69, + 1878, 2164, 69, 69, 69, 1882, 1867, 69, 69, 69, + + 1871, 69, 69, 1872, 69, 1875, 69, 1883, 1884, 69, + 1879, 69, 1881, 1885, 69, 69, 1888, 1878, 69, 1889, + 1886, 1887, 1882, 1891, 1890, 1892, 1894, 2164, 69, 69, + 69, 69, 69, 1893, 1883, 1884, 69, 1896, 69, 1881, + 1885, 69, 1897, 1888, 1898, 69, 1889, 1886, 1887, 1895, + 1891, 1890, 69, 1894, 1899, 1900, 1903, 69, 1906, 1901, + 1893, 1902, 69, 69, 1896, 69, 69, 1907, 69, 1897, + 69, 1898, 1904, 1905, 69, 1908, 1895, 69, 1909, 69, + 69, 1899, 1900, 1903, 69, 69, 1901, 1910, 1902, 1911, + 1913, 69, 1912, 1915, 1907, 1914, 1916, 2164, 1917, 1904, + + 1905, 69, 1908, 1918, 2164, 69, 1921, 69, 69, 69, + 1919, 69, 2164, 1920, 1910, 2164, 1911, 69, 69, 1912, + 1915, 1922, 1914, 1916, 69, 1924, 1923, 69, 1925, 1927, + 69, 69, 1926, 69, 1931, 1928, 1932, 1919, 1934, 69, + 1920, 69, 1929, 1936, 1933, 1930, 69, 69, 1922, 1938, + 69, 69, 1924, 1923, 69, 1925, 1927, 69, 69, 1926, + 1935, 69, 1928, 1932, 1937, 1934, 1940, 1939, 69, 1929, + 1941, 1933, 1930, 69, 1942, 69, 69, 1944, 1943, 69, + 69, 1945, 69, 1946, 1947, 1948, 69, 1935, 69, 69, + 1949, 1937, 1951, 1940, 1939, 69, 1950, 1941, 1954, 69, + + 1956, 1952, 1953, 69, 69, 1943, 69, 1958, 1945, 69, + 1946, 69, 1948, 69, 69, 1955, 69, 1949, 1957, 1951, + 69, 69, 1959, 1950, 1960, 1954, 69, 69, 1952, 1953, + 1961, 1962, 1963, 1964, 69, 1965, 1966, 2164, 1967, 69, + 69, 69, 1955, 1968, 69, 1957, 1970, 1969, 1971, 69, + 1975, 69, 69, 69, 1980, 1976, 69, 1961, 1962, 69, + 1964, 1972, 1965, 1966, 69, 1967, 1973, 2164, 1977, 69, + 1968, 1974, 1978, 69, 1969, 69, 1979, 69, 69, 69, + 1981, 69, 1976, 69, 1982, 2164, 69, 69, 1972, 1985, + 1984, 1983, 1986, 1973, 69, 1977, 1989, 69, 1974, 1978, + + 69, 1990, 1991, 1979, 1987, 1988, 1992, 69, 69, 1994, + 69, 1982, 69, 1993, 69, 1995, 1985, 1984, 1983, 1996, + 1997, 1998, 69, 69, 69, 2000, 2003, 1999, 69, 1991, + 2002, 1987, 1988, 69, 2001, 69, 1994, 69, 2004, 69, + 1993, 2006, 1995, 2005, 2007, 2008, 69, 69, 69, 69, + 69, 69, 69, 69, 1999, 2009, 69, 2002, 2010, 69, + 2015, 2001, 2011, 2164, 2014, 2004, 2012, 69, 2006, 2013, + 2005, 69, 2008, 69, 69, 69, 69, 2016, 2017, 2020, + 2024, 2018, 2009, 2019, 69, 69, 69, 2015, 69, 2011, + 69, 2014, 69, 2012, 2026, 2023, 2013, 69, 69, 2021, + + 2022, 69, 69, 2027, 2016, 2017, 2020, 2024, 2018, 69, + 2019, 2025, 2028, 2029, 2030, 2031, 2164, 2033, 69, 2032, + 2034, 69, 2023, 2035, 2036, 2037, 2021, 2022, 2040, 69, + 69, 2039, 2038, 2041, 2042, 69, 69, 69, 2025, 2028, + 69, 69, 69, 69, 69, 2043, 2032, 2034, 2044, 69, + 2035, 69, 2037, 2045, 69, 2040, 2047, 69, 2039, 2038, + 69, 69, 2046, 2048, 69, 2049, 2050, 2052, 69, 69, + 69, 2051, 2043, 2053, 2054, 2044, 2055, 2056, 2057, 69, + 69, 2058, 2059, 2047, 2060, 2062, 2065, 69, 69, 2046, + 2048, 2164, 2049, 2050, 69, 2061, 69, 69, 2051, 2064, + + 69, 69, 2067, 69, 69, 2057, 2063, 69, 69, 2059, + 69, 2060, 69, 2068, 2066, 69, 2069, 2070, 69, 2072, + 2076, 69, 2061, 69, 69, 69, 2064, 69, 69, 2067, + 2071, 2073, 2074, 2063, 2077, 2075, 69, 2164, 69, 69, + 2068, 2066, 69, 2069, 2070, 69, 2072, 2076, 69, 2081, + 2084, 69, 2078, 2082, 69, 2079, 2080, 2071, 2073, 2074, + 69, 2077, 2075, 2083, 69, 69, 2085, 69, 2086, 2088, + 69, 2087, 2089, 2164, 2092, 2093, 2081, 69, 2090, 2078, + 2082, 2095, 2079, 2080, 69, 2091, 69, 69, 2099, 2094, + 2083, 2096, 2100, 2085, 69, 69, 69, 69, 2087, 2089, + + 69, 2092, 69, 69, 2097, 2090, 2098, 69, 69, 2101, + 2164, 2102, 2091, 69, 69, 2103, 2094, 2104, 2096, 2106, + 69, 2107, 69, 69, 69, 69, 2105, 69, 2110, 2108, + 69, 2097, 2109, 2098, 2164, 69, 2101, 2112, 2102, 2111, + 69, 2113, 2103, 69, 2104, 69, 2106, 2114, 2107, 69, + 69, 2119, 2164, 2105, 2115, 2110, 2108, 2116, 2117, 2109, + 2120, 69, 2118, 2124, 2112, 2164, 2111, 2122, 69, 2123, + 69, 2121, 2164, 69, 2114, 69, 69, 69, 2125, 69, + 69, 2115, 2127, 69, 2116, 2117, 69, 69, 2126, 2118, + 2131, 69, 2128, 2129, 2122, 69, 2123, 2130, 2121, 2132, + + 69, 69, 69, 2134, 69, 2125, 2133, 2164, 2135, 2127, + 2136, 69, 2139, 2164, 69, 2126, 69, 2131, 2137, 2128, + 2129, 69, 2140, 2138, 2130, 2164, 2132, 2141, 2142, 69, + 2134, 69, 69, 2133, 69, 2135, 69, 2136, 69, 69, + 2143, 2145, 69, 2144, 2146, 2137, 2149, 69, 2147, 2140, + 2138, 69, 2148, 2150, 2141, 2142, 69, 2151, 2164, 2152, + 69, 69, 69, 69, 2153, 69, 69, 2143, 2145, 2154, + 2144, 2146, 69, 2149, 2155, 2147, 2156, 2157, 2158, 2148, + 2150, 2162, 2164, 2163, 2151, 69, 2152, 2159, 2164, 69, + 2160, 69, 2164, 2164, 2161, 2164, 2154, 69, 69, 2164, + + 69, 69, 69, 69, 2157, 2158, 2164, 2164, 69, 69, + 69, 2164, 2164, 2164, 2159, 2164, 2164, 2160, 2164, 2164, + 2164, 2161, 41, 41, 41, 41, 41, 41, 41, 46, + 46, 46, 46, 46, 46, 46, 51, 51, 51, 51, + 51, 51, 51, 57, 57, 57, 57, 57, 57, 57, + 62, 62, 62, 62, 62, 62, 62, 72, 72, 2164, + 72, 72, 72, 72, 131, 131, 2164, 2164, 2164, 131, + 131, 133, 133, 2164, 2164, 133, 2164, 133, 135, 2164, + 2164, 2164, 2164, 2164, 135, 138, 138, 2164, 2164, 2164, + 138, 138, 140, 2164, 2164, 2164, 2164, 2164, 140, 142, + + 142, 2164, 142, 142, 142, 142, 73, 73, 2164, 73, + 73, 73, 73, 13, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164 } ; -static yyconst flex_int16_t yy_chk[5794] = +static yyconst flex_int16_t yy_chk[6281] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -1754,638 +1860,690 @@ static yyconst flex_int16_t yy_chk[5794] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 3, 3, 3, 4, 4, - 4, 5, 5, 6, 6, 5, 27, 6, 7, 7, - 7, 7, 2002, 7, 8, 8, 8, 8, 27, 8, - 9, 9, 9, 10, 10, 10, 15, 45, 45, 50, - - 15, 3, 50, 27, 4, 61, 61, 5, 19, 6, - 19, 19, 70, 19, 717, 7, 70, 40, 19, 40, - 40, 8, 40, 23, 20, 20, 9, 40, 724, 10, - 11, 11, 11, 11, 11, 11, 12, 12, 12, 12, - 12, 12, 20, 23, 717, 19, 23, 29, 20, 11, - 23, 20, 20, 132, 21, 12, 132, 24, 83, 29, - 138, 21, 34, 83, 25, 28, 66, 11, 21, 20, - 23, 24, 25, 12, 29, 34, 11, 130, 130, 66, - 21, 21, 12, 24, 24, 83, 802, 28, 21, 34, - 25, 25, 28, 66, 30, 21, 22, 136, 24, 25, - - 22, 26, 30, 22, 26, 22, 22, 135, 30, 32, - 133, 26, 30, 26, 802, 32, 95, 37, 22, 37, - 30, 30, 31, 22, 26, 118, 31, 22, 26, 30, - 22, 26, 22, 22, 37, 30, 32, 35, 26, 30, - 26, 35, 31, 37, 37, 36, 37, 95, 31, 31, - 76, 35, 38, 31, 35, 36, 118, 38, 131, 36, - 36, 37, 129, 35, 35, 38, 68, 36, 35, 31, - 33, 75, 36, 76, 33, 137, 137, 76, 35, 38, - 33, 35, 36, 33, 38, 39, 36, 36, 62, 39, - 33, 80, 33, 39, 57, 75, 52, 33, 75, 51, - - 56, 33, 56, 56, 80, 56, 46, 33, 77, 41, - 33, 39, 39, 14, 144, 77, 39, 33, 80, 64, - 39, 64, 64, 67, 64, 67, 67, 69, 67, 69, - 69, 72, 69, 72, 72, 77, 72, 69, 78, 79, - 81, 72, 84, 82, 82, 144, 81, 86, 79, 89, - 84, 78, 82, 13, 91, 85, 64, 87, 89, 0, - 86, 81, 78, 88, 87, 78, 79, 81, 72, 84, - 82, 82, 85, 81, 86, 92, 89, 91, 78, 88, - 90, 91, 93, 0, 87, 0, 85, 0, 94, 90, - 88, 94, 96, 99, 97, 93, 99, 92, 100, 85, - - 96, 101, 92, 0, 94, 94, 98, 90, 107, 93, - 98, 100, 94, 103, 97, 94, 97, 107, 94, 96, - 99, 97, 102, 104, 101, 100, 0, 103, 101, 106, - 98, 94, 94, 98, 105, 107, 106, 98, 109, 108, - 103, 97, 102, 104, 112, 111, 0, 109, 105, 102, - 104, 110, 111, 113, 114, 110, 106, 115, 0, 116, - 113, 105, 108, 223, 119, 109, 108, 116, 114, 115, - 112, 112, 111, 110, 117, 154, 120, 122, 110, 119, - 113, 114, 110, 117, 115, 121, 116, 123, 122, 127, - 124, 119, 223, 123, 121, 126, 120, 125, 127, 128, - - 0, 117, 120, 120, 122, 0, 154, 0, 0, 142, - 126, 124, 121, 0, 123, 124, 127, 124, 0, 125, - 258, 128, 126, 120, 125, 134, 128, 134, 134, 139, - 134, 139, 139, 142, 139, 143, 142, 140, 124, 140, - 140, 145, 140, 147, 146, 149, 148, 258, 150, 151, - 0, 147, 149, 145, 151, 152, 159, 143, 148, 153, - 307, 307, 143, 146, 157, 160, 150, 155, 145, 0, - 147, 146, 149, 148, 140, 150, 158, 152, 159, 162, - 151, 151, 152, 159, 158, 153, 153, 160, 155, 307, - 157, 157, 160, 161, 0, 155, 163, 161, 164, 0, - - 165, 167, 162, 158, 166, 0, 162, 166, 168, 173, - 167, 164, 165, 0, 169, 155, 156, 171, 163, 166, - 161, 156, 0, 163, 171, 164, 156, 165, 167, 0, - 168, 166, 156, 156, 166, 168, 169, 170, 172, 156, - 173, 169, 170, 156, 171, 174, 176, 175, 156, 172, - 0, 0, 177, 156, 170, 178, 170, 175, 179, 156, - 156, 178, 0, 170, 170, 172, 180, 181, 182, 170, - 177, 174, 174, 184, 183, 185, 187, 176, 175, 177, - 0, 170, 178, 170, 175, 186, 188, 184, 180, 179, - 189, 188, 186, 180, 183, 192, 185, 187, 181, 182, - - 184, 183, 185, 187, 190, 191, 194, 192, 193, 189, - 197, 195, 186, 188, 201, 193, 195, 189, 190, 198, - 196, 196, 192, 200, 199, 203, 198, 191, 194, 196, - 204, 190, 191, 194, 202, 193, 205, 206, 195, 209, - 203, 197, 202, 200, 212, 201, 198, 196, 196, 199, - 200, 199, 203, 207, 209, 208, 204, 204, 205, 208, - 211, 202, 213, 210, 214, 215, 209, 205, 206, 218, - 207, 210, 216, 217, 219, 212, 219, 215, 207, 211, - 207, 216, 208, 220, 213, 205, 217, 211, 218, 213, - 210, 221, 215, 222, 226, 214, 218, 207, 224, 216, - - 217, 219, 225, 227, 229, 226, 231, 220, 228, 0, - 220, 233, 234, 236, 0, 227, 221, 0, 221, 222, - 222, 226, 230, 232, 224, 224, 235, 229, 225, 225, - 227, 229, 228, 240, 237, 228, 232, 231, 234, 234, - 230, 237, 233, 238, 236, 239, 244, 240, 235, 230, - 232, 239, 238, 235, 241, 242, 243, 245, 0, 246, - 240, 237, 247, 248, 249, 243, 245, 250, 0, 244, - 238, 247, 239, 244, 0, 253, 0, 251, 248, 242, - 241, 241, 242, 243, 245, 246, 246, 259, 252, 247, - 248, 250, 251, 253, 250, 249, 252, 252, 255, 252, - - 264, 254, 253, 256, 251, 261, 252, 254, 257, 257, - 260, 259, 255, 260, 259, 252, 262, 261, 256, 265, - 260, 263, 268, 252, 252, 255, 252, 264, 254, 266, - 256, 271, 261, 257, 262, 257, 257, 260, 267, 263, - 260, 265, 269, 262, 268, 270, 265, 272, 263, 268, - 267, 273, 270, 275, 272, 266, 266, 269, 274, 278, - 274, 277, 271, 0, 0, 267, 275, 279, 281, 269, - 0, 294, 270, 273, 272, 281, 300, 0, 273, 277, - 275, 276, 274, 280, 276, 274, 276, 274, 277, 279, - 278, 280, 276, 282, 279, 281, 283, 280, 284, 285, - - 289, 288, 294, 287, 289, 282, 0, 300, 276, 283, - 280, 276, 285, 276, 284, 287, 0, 292, 280, 288, - 282, 290, 284, 283, 291, 284, 285, 290, 288, 292, - 287, 289, 291, 293, 295, 297, 298, 299, 295, 296, - 293, 284, 286, 286, 292, 304, 296, 297, 290, 299, - 301, 291, 286, 302, 286, 286, 286, 301, 298, 286, - 293, 295, 297, 298, 299, 303, 296, 286, 302, 286, - 286, 306, 322, 305, 309, 0, 304, 301, 303, 286, - 302, 286, 286, 286, 305, 309, 286, 308, 310, 311, - 313, 316, 303, 306, 308, 312, 314, 315, 306, 310, - - 305, 309, 311, 322, 316, 319, 315, 318, 317, 0, - 320, 321, 0, 313, 308, 310, 311, 313, 316, 314, - 312, 317, 312, 314, 315, 318, 317, 319, 324, 321, - 323, 325, 319, 320, 318, 317, 323, 320, 321, 326, - 327, 0, 328, 329, 332, 330, 334, 327, 317, 324, - 331, 333, 334, 336, 325, 324, 0, 323, 325, 330, - 335, 326, 338, 0, 337, 329, 326, 327, 328, 328, - 329, 336, 330, 334, 333, 332, 331, 331, 333, 337, - 336, 339, 335, 340, 341, 338, 342, 335, 344, 338, - 341, 337, 345, 348, 349, 352, 354, 346, 345, 347, - - 348, 0, 352, 358, 0, 340, 0, 339, 339, 349, - 340, 341, 342, 342, 344, 344, 346, 347, 353, 345, - 348, 349, 352, 351, 346, 351, 347, 354, 355, 356, - 357, 353, 351, 360, 358, 361, 359, 365, 360, 364, - 0, 361, 362, 0, 0, 353, 355, 363, 365, 357, - 351, 356, 351, 0, 394, 355, 356, 357, 359, 363, - 360, 364, 361, 366, 365, 362, 364, 359, 368, 362, - 369, 366, 370, 389, 363, 368, 372, 371, 369, 0, - 373, 394, 0, 370, 374, 359, 371, 373, 376, 0, - 366, 367, 375, 377, 375, 368, 367, 369, 367, 370, - - 372, 0, 0, 372, 389, 377, 367, 373, 371, 367, - 374, 374, 378, 371, 376, 376, 367, 367, 367, 375, - 377, 380, 379, 367, 382, 367, 381, 378, 385, 380, - 384, 381, 383, 367, 379, 386, 367, 388, 384, 378, - 385, 0, 393, 367, 392, 391, 382, 0, 380, 379, - 383, 382, 390, 381, 391, 385, 386, 384, 392, 383, - 388, 393, 386, 395, 388, 396, 397, 390, 398, 393, - 399, 392, 391, 404, 402, 401, 400, 402, 395, 390, - 403, 397, 399, 405, 403, 402, 406, 404, 407, 408, - 395, 409, 398, 397, 410, 398, 396, 399, 400, 401, - - 404, 402, 401, 400, 402, 412, 411, 413, 414, 415, - 405, 403, 411, 406, 416, 413, 408, 417, 409, 407, - 419, 418, 0, 420, 0, 410, 424, 412, 418, 421, - 429, 414, 412, 411, 413, 414, 430, 416, 422, 417, - 415, 416, 421, 422, 417, 420, 423, 422, 418, 425, - 420, 419, 424, 424, 430, 423, 421, 426, 425, 427, - 432, 429, 422, 430, 428, 422, 431, 433, 0, 435, - 422, 436, 440, 423, 422, 434, 425, 428, 437, 426, - 435, 427, 432, 432, 426, 436, 427, 432, 438, 433, - 431, 428, 439, 431, 433, 441, 435, 434, 436, 438, - - 437, 442, 434, 440, 444, 437, 443, 439, 445, 432, - 446, 447, 448, 449, 450, 438, 441, 445, 451, 439, - 452, 455, 441, 446, 452, 442, 444, 0, 442, 453, - 443, 444, 454, 443, 448, 445, 456, 446, 450, 448, - 451, 450, 447, 453, 449, 451, 454, 457, 458, 459, - 461, 452, 455, 459, 456, 0, 453, 460, 461, 454, - 462, 465, 457, 456, 463, 466, 0, 464, 468, 465, - 458, 457, 466, 463, 457, 458, 464, 461, 467, 473, - 459, 469, 460, 0, 460, 462, 468, 462, 465, 457, - 470, 463, 466, 469, 464, 468, 471, 472, 474, 470, - - 476, 467, 478, 475, 471, 467, 474, 481, 469, 472, - 473, 475, 477, 0, 479, 481, 484, 470, 478, 482, - 480, 0, 483, 471, 472, 474, 476, 476, 485, 478, - 475, 480, 486, 482, 481, 477, 479, 489, 484, 477, - 487, 479, 483, 484, 488, 490, 482, 480, 485, 483, - 492, 493, 491, 488, 486, 485, 494, 489, 495, 486, - 496, 500, 487, 490, 489, 491, 496, 487, 492, 501, - 498, 488, 490, 493, 497, 502, 501, 492, 493, 491, - 494, 495, 497, 494, 503, 495, 504, 496, 498, 505, - 517, 506, 500, 0, 507, 504, 501, 498, 502, 503, - - 497, 497, 502, 507, 508, 0, 508, 511, 517, 497, - 506, 503, 0, 504, 514, 519, 518, 517, 506, 511, - 505, 507, 521, 523, 514, 520, 0, 0, 525, 527, - 525, 508, 509, 526, 511, 524, 509, 518, 519, 509, - 0, 514, 519, 518, 524, 523, 509, 528, 532, 509, - 523, 520, 520, 521, 509, 525, 527, 526, 529, 509, - 526, 0, 524, 509, 531, 533, 509, 528, 0, 530, - 532, 534, 535, 509, 528, 532, 509, 522, 522, 537, - 522, 530, 0, 522, 529, 529, 536, 537, 522, 533, - 531, 531, 533, 534, 522, 522, 530, 535, 534, 535, - - 539, 536, 538, 522, 522, 522, 537, 522, 539, 538, - 522, 540, 542, 536, 541, 522, 544, 545, 543, 547, - 546, 522, 522, 548, 542, 544, 549, 539, 550, 538, - 540, 543, 545, 0, 552, 551, 558, 555, 540, 542, - 541, 541, 546, 544, 545, 543, 547, 546, 553, 554, - 556, 559, 550, 552, 548, 550, 551, 549, 554, 555, - 557, 552, 551, 558, 555, 560, 561, 553, 557, 559, - 556, 562, 564, 565, 569, 553, 554, 556, 559, 562, - 566, 567, 0, 568, 560, 570, 569, 557, 570, 574, - 564, 565, 560, 0, 567, 571, 573, 561, 562, 564, - - 565, 569, 573, 571, 566, 580, 576, 566, 567, 568, - 568, 574, 570, 576, 575, 587, 574, 578, 579, 571, - 575, 577, 571, 573, 578, 581, 577, 582, 580, 583, - 571, 584, 580, 576, 581, 582, 579, 585, 586, 590, - 591, 575, 587, 0, 578, 579, 584, 583, 577, 589, - 585, 592, 581, 588, 582, 593, 583, 0, 584, 586, - 588, 595, 589, 593, 585, 586, 596, 598, 597, 594, - 590, 591, 596, 599, 592, 601, 589, 594, 592, 602, - 588, 600, 593, 595, 594, 603, 604, 0, 595, 601, - 600, 606, 603, 596, 597, 597, 594, 599, 598, 607, - - 599, 608, 601, 610, 594, 605, 610, 609, 600, 611, - 602, 607, 603, 604, 605, 609, 612, 0, 606, 0, - 0, 614, 611, 612, 608, 0, 607, 0, 608, 616, - 610, 615, 605, 617, 609, 617, 611, 619, 618, 0, - 0, 616, 621, 612, 613, 620, 613, 614, 614, 619, - 613, 623, 613, 622, 615, 621, 616, 613, 615, 0, - 617, 618, 613, 624, 619, 618, 622, 620, 613, 621, - 626, 613, 620, 613, 623, 624, 625, 613, 623, 613, - 622, 627, 628, 629, 613, 630, 625, 631, 628, 613, - 624, 0, 626, 632, 627, 635, 629, 626, 625, 646, - - 634, 0, 0, 625, 637, 0, 630, 638, 627, 628, - 629, 636, 630, 625, 639, 634, 640, 635, 631, 637, - 632, 633, 635, 643, 636, 647, 633, 634, 633, 641, - 646, 637, 642, 638, 638, 640, 639, 644, 636, 633, - 642, 639, 641, 640, 649, 650, 633, 633, 633, 647, - 643, 0, 647, 633, 648, 633, 641, 651, 649, 642, - 644, 652, 648, 655, 644, 653, 633, 654, 656, 652, - 657, 649, 664, 633, 655, 659, 650, 658, 657, 651, - 660, 648, 659, 653, 651, 654, 656, 662, 652, 661, - 655, 663, 653, 660, 654, 656, 661, 657, 666, 658, - - 668, 667, 659, 664, 658, 662, 666, 660, 669, 663, - 667, 670, 668, 672, 662, 671, 661, 673, 663, 674, - 675, 677, 678, 0, 0, 666, 678, 668, 667, 0, - 669, 672, 677, 670, 675, 669, 679, 671, 670, 679, - 672, 680, 671, 673, 673, 681, 685, 675, 677, 682, - 674, 686, 683, 678, 684, 688, 682, 686, 681, 690, - 687, 684, 679, 679, 683, 680, 679, 689, 680, 692, - 685, 687, 681, 685, 691, 693, 682, 688, 686, 683, - 690, 684, 688, 695, 696, 691, 690, 687, 694, 689, - 692, 697, 695, 700, 689, 698, 692, 699, 701, 702, - - 697, 691, 693, 698, 699, 703, 694, 700, 696, 706, - 695, 696, 707, 709, 705, 694, 708, 710, 697, 713, - 700, 702, 698, 705, 699, 711, 702, 703, 707, 701, - 714, 708, 703, 706, 712, 716, 706, 711, 714, 707, - 715, 705, 718, 708, 709, 719, 713, 720, 710, 728, - 716, 718, 711, 715, 726, 720, 712, 714, 721, 729, - 721, 712, 716, 719, 725, 723, 726, 715, 727, 718, - 732, 730, 719, 723, 720, 727, 733, 725, 731, 734, - 728, 726, 735, 732, 737, 721, 740, 738, 736, 733, - 729, 725, 723, 730, 735, 727, 736, 732, 730, 738, - - 731, 734, 739, 733, 737, 731, 734, 741, 742, 735, - 739, 737, 743, 740, 738, 736, 744, 742, 745, 746, - 741, 750, 747, 744, 748, 752, 749, 0, 0, 739, - 750, 0, 753, 743, 741, 742, 751, 748, 754, 743, - 753, 746, 747, 744, 745, 745, 746, 752, 750, 747, - 749, 748, 752, 749, 751, 757, 755, 758, 759, 753, - 754, 760, 761, 751, 755, 754, 762, 765, 764, 760, - 759, 766, 763, 765, 761, 758, 764, 772, 757, 767, - 766, 0, 757, 755, 758, 759, 762, 763, 760, 761, - 768, 770, 773, 762, 765, 764, 769, 774, 766, 763, - - 767, 780, 768, 769, 775, 773, 767, 776, 772, 770, - 777, 775, 779, 781, 780, 782, 774, 768, 770, 773, - 779, 783, 778, 769, 774, 777, 778, 781, 780, 776, - 785, 775, 784, 787, 776, 783, 786, 777, 788, 779, - 781, 782, 782, 791, 789, 790, 792, 796, 783, 795, - 784, 797, 793, 778, 840, 787, 788, 799, 795, 784, - 787, 785, 786, 786, 792, 788, 789, 790, 794, 791, - 791, 789, 790, 792, 793, 798, 795, 803, 796, 793, - 799, 794, 797, 0, 799, 840, 805, 0, 0, 801, - 811, 807, 809, 803, 0, 794, 809, 798, 811, 806, - - 807, 808, 798, 800, 803, 812, 817, 810, 800, 805, - 800, 806, 800, 805, 800, 801, 801, 811, 807, 808, - 810, 800, 814, 809, 812, 813, 806, 815, 808, 816, - 800, 816, 812, 817, 810, 800, 815, 800, 813, 800, - 814, 800, 819, 818, 821, 822, 824, 826, 829, 814, - 823, 0, 813, 825, 815, 818, 816, 827, 823, 828, - 825, 0, 832, 831, 841, 828, 833, 822, 821, 819, - 818, 821, 822, 824, 826, 829, 830, 823, 834, 827, - 825, 832, 835, 830, 827, 831, 828, 836, 833, 832, - 831, 835, 837, 833, 842, 841, 838, 843, 845, 844, - - 847, 851, 846, 830, 834, 834, 845, 850, 836, 835, - 838, 850, 837, 848, 836, 849, 842, 844, 846, 837, - 848, 842, 849, 838, 852, 845, 844, 847, 843, 846, - 852, 853, 851, 854, 850, 855, 857, 852, 853, 856, - 848, 859, 849, 857, 855, 858, 861, 858, 854, 860, - 859, 852, 862, 863, 871, 0, 862, 852, 853, 865, - 854, 0, 855, 857, 867, 856, 856, 865, 859, 868, - 866, 860, 858, 861, 866, 863, 860, 869, 0, 862, - 863, 870, 867, 872, 873, 871, 865, 874, 868, 875, - 875, 867, 879, 877, 870, 874, 868, 0, 876, 879, - - 873, 866, 869, 878, 869, 880, 872, 876, 870, 881, - 872, 873, 878, 882, 874, 877, 875, 885, 881, 879, - 877, 882, 883, 886, 888, 876, 884, 889, 880, 885, - 878, 897, 880, 887, 890, 886, 881, 883, 894, 884, - 882, 887, 895, 891, 885, 892, 888, 889, 895, 883, - 886, 888, 891, 884, 889, 893, 890, 896, 898, 894, - 887, 890, 897, 892, 899, 894, 900, 893, 902, 895, - 891, 903, 892, 907, 905, 906, 909, 908, 904, 896, - 909, 911, 893, 905, 896, 908, 907, 0, 911, 898, - 899, 899, 900, 900, 903, 902, 904, 906, 903, 910, - - 907, 905, 906, 910, 908, 904, 912, 909, 911, 913, - 914, 915, 915, 916, 912, 918, 919, 913, 914, 0, - 917, 916, 924, 920, 919, 926, 921, 922, 924, 923, - 910, 920, 925, 912, 921, 922, 913, 914, 915, 927, - 916, 917, 923, 919, 925, 928, 918, 917, 929, 924, - 920, 926, 926, 921, 922, 930, 923, 931, 937, 925, - 928, 933, 932, 927, 934, 937, 927, 0, 938, 935, - 939, 943, 928, 935, 941, 929, 932, 930, 934, 933, - 931, 940, 930, 941, 931, 937, 935, 947, 933, 932, - 945, 934, 939, 948, 935, 938, 935, 939, 942, 945, - - 935, 941, 943, 949, 940, 942, 951, 0, 940, 947, - 953, 954, 956, 935, 947, 957, 958, 945, 960, 948, - 948, 959, 954, 959, 961, 942, 963, 964, 958, 966, - 967, 960, 962, 951, 949, 967, 956, 953, 954, 956, - 965, 957, 957, 958, 962, 960, 961, 965, 959, 968, - 964, 961, 969, 963, 964, 966, 966, 967, 970, 962, - 971, 973, 974, 0, 975, 968, 970, 965, 976, 0, - 977, 974, 980, 978, 979, 969, 968, 975, 982, 969, - 978, 979, 971, 984, 983, 970, 981, 971, 973, 974, - 980, 975, 977, 981, 976, 976, 986, 977, 989, 980, - - 978, 979, 985, 982, 988, 982, 983, 990, 995, 985, - 994, 983, 991, 981, 984, 990, 993, 988, 998, 993, - 999, 996, 0, 995, 1001, 989, 1004, 986, 996, 985, - 1009, 988, 1000, 991, 990, 995, 994, 994, 997, 991, - 1003, 997, 999, 993, 1005, 1011, 1001, 999, 996, 998, - 1000, 1001, 1002, 997, 1002, 1007, 1010, 1004, 1014, 1000, - 1006, 1009, 997, 1007, 1003, 997, 1008, 1003, 997, 1006, - 1005, 1005, 1013, 1008, 1015, 1016, 1011, 1012, 1010, 1002, - 997, 1012, 1007, 1010, 1016, 1014, 1021, 1006, 1017, 1022, - 1018, 1020, 1019, 1008, 1013, 1017, 1015, 1018, 1025, 1013, - - 1021, 1015, 1016, 1023, 1012, 1019, 1020, 1024, 1028, 1030, - 1023, 1025, 1031, 1021, 1024, 1017, 1026, 1018, 1020, 1019, - 1022, 1029, 1026, 0, 1031, 1025, 1032, 1034, 1029, 1033, - 1023, 1030, 1033, 1039, 1024, 1028, 1030, 1036, 1034, 1031, - 1040, 1041, 1036, 1026, 1042, 1044, 1032, 1033, 1029, 1036, - 1038, 1043, 1038, 1032, 1034, 1048, 1033, 1047, 1046, 1033, - 1039, 1046, 1043, 1044, 1036, 1041, 1042, 1040, 1041, 1036, - 1049, 1042, 1044, 1045, 1052, 1047, 1046, 1038, 1043, 1051, - 1050, 1045, 1053, 1052, 1047, 1046, 1048, 1050, 1046, 1055, - 1057, 1054, 1057, 1051, 1058, 1053, 1059, 1049, 1062, 1060, - - 1045, 1052, 1054, 1058, 1055, 1063, 1051, 1050, 0, 1053, - 1060, 1061, 1064, 1067, 1070, 1064, 1055, 1057, 1054, 1063, - 1062, 1058, 1059, 1059, 1065, 1062, 1060, 1068, 1069, 1061, - 1064, 1063, 1063, 1065, 1072, 1071, 1068, 1073, 1061, 1064, - 1078, 1072, 1064, 1074, 1067, 1070, 1063, 1075, 1078, 1080, - 1069, 1065, 1083, 1075, 1068, 1069, 1071, 1074, 1079, 1087, - 1081, 1072, 1071, 1080, 1082, 0, 1085, 1078, 1073, 1081, - 1074, 1075, 1082, 1084, 1075, 1085, 1080, 1079, 1089, 1093, - 1075, 1088, 1090, 1083, 1084, 1079, 1087, 1081, 1088, 1091, - 1092, 1082, 1094, 1085, 1097, 1096, 1094, 1093, 1099, 1100, - - 1084, 1089, 1098, 1103, 1090, 1089, 1093, 1096, 1088, 1090, - 1107, 1091, 1092, 1101, 1100, 1098, 1091, 1092, 1099, 1094, - 1104, 1097, 1096, 1102, 1105, 1099, 1100, 1106, 1101, 1098, - 1109, 1102, 1108, 1105, 1103, 1104, 1111, 1107, 1113, 0, - 1101, 0, 1112, 1118, 1115, 0, 1114, 1104, 1106, 1116, - 1102, 1105, 1119, 1117, 1106, 1118, 1108, 1109, 1111, 1108, - 1112, 1114, 1123, 1111, 1120, 1113, 1115, 1116, 1117, 1112, - 1118, 1115, 1122, 1114, 1119, 1124, 1116, 1120, 1121, 1119, - 1117, 1125, 1120, 1127, 1122, 1121, 1126, 1125, 1128, 1123, - 1127, 1120, 1130, 1129, 1126, 1131, 1132, 1134, 1133, 1122, - - 1129, 1131, 1135, 1137, 1120, 1121, 1124, 1139, 1125, 1138, - 1127, 1143, 1140, 1126, 1140, 1128, 1141, 1153, 1138, 1130, - 1129, 1133, 1131, 1132, 1142, 1133, 1135, 0, 1134, 1135, - 1144, 1144, 1144, 1145, 1137, 1147, 1138, 1144, 1139, 1140, - 1145, 1146, 1143, 1141, 1153, 1144, 1148, 1173, 1146, 1151, - 1142, 1142, 1150, 1148, 1155, 1152, 1150, 1144, 1144, 1144, - 1145, 1152, 1151, 1158, 1144, 1156, 1147, 1159, 1146, 1154, - 1154, 1163, 1156, 1148, 1157, 1162, 1151, 0, 1173, 1157, - 1155, 1155, 1152, 1150, 1165, 1164, 0, 1166, 1172, 1158, - 1158, 1168, 1156, 1162, 1159, 1178, 1154, 1164, 1163, 1167, - - 1167, 1157, 1162, 1175, 1165, 1166, 1169, 1169, 1170, 1174, - 1172, 1165, 1164, 1176, 1166, 1172, 1174, 1168, 1168, 1170, - 1177, 1179, 1178, 1175, 0, 1181, 1167, 1180, 0, 1182, - 1175, 1183, 1181, 1169, 1187, 1170, 1174, 1182, 1184, 1194, - 1185, 1186, 1186, 1179, 1176, 1180, 1183, 1188, 1179, 1185, - 1191, 1177, 1181, 1193, 1180, 1189, 1182, 1190, 1183, 1188, - 1187, 1187, 1184, 1189, 1192, 1184, 1194, 1185, 1186, 1190, - 1195, 1193, 1196, 1191, 1188, 1195, 1198, 1191, 1200, 1201, - 1193, 1197, 1189, 1199, 1190, 1192, 1195, 1197, 1202, 1198, - 1199, 1192, 1202, 1203, 1204, 1204, 1205, 1195, 1206, 1196, - - 1208, 0, 1195, 1198, 1212, 1209, 1201, 1210, 1197, 1200, - 1199, 1205, 1211, 1213, 1211, 1208, 1214, 1218, 1213, 1202, - 0, 1204, 1210, 1205, 1203, 1217, 1215, 1208, 1209, 1206, - 1219, 1220, 1209, 1222, 1210, 1212, 0, 1223, 1221, 1211, - 1213, 1215, 1224, 1218, 1218, 1221, 1227, 1214, 1225, 1217, - 1229, 1233, 1217, 1215, 1222, 1230, 1232, 1219, 1220, 1223, - 1222, 0, 1235, 1224, 1223, 1221, 1225, 1236, 1227, 1224, - 1230, 1232, 1234, 1227, 1229, 1225, 1236, 1229, 1233, 1234, - 1235, 1238, 1230, 1232, 1237, 1239, 1240, 1241, 1244, 1235, - 0, 1245, 1237, 1248, 1236, 1243, 1254, 1244, 1246, 1234, - - 1241, 0, 1250, 1257, 1238, 1258, 1243, 1239, 1238, 1245, - 1253, 1237, 1239, 1250, 1241, 1244, 1246, 1240, 1245, 1252, - 1248, 1243, 1243, 1253, 1255, 1246, 1256, 1254, 1257, 1250, - 1257, 1252, 1258, 1243, 1255, 1260, 1261, 1253, 1262, 1263, - 0, 1264, 0, 1261, 1265, 1266, 1252, 1264, 1268, 1268, - 0, 1255, 1256, 1256, 1267, 1260, 0, 1263, 1269, 1265, - 1266, 1270, 1260, 1261, 1262, 1262, 1263, 1275, 1264, 1267, - 1269, 1265, 1266, 1272, 1270, 1268, 1273, 1276, 1277, 0, - 1272, 1267, 1270, 1273, 1278, 1269, 1283, 1277, 1270, 1275, - 1279, 1281, 1284, 1286, 1275, 1285, 1285, 1292, 1287, 1283, - - 1272, 1270, 1276, 1273, 1276, 1277, 1278, 1288, 1289, 1281, - 1279, 1278, 1290, 1283, 1293, 1286, 1299, 1279, 1281, 1284, - 1286, 1290, 1285, 1287, 1291, 1287, 1294, 1295, 1292, 1288, - 1289, 1291, 1300, 1306, 1288, 1289, 1293, 1297, 1301, 1290, - 1294, 1293, 1298, 1299, 1303, 1297, 1295, 0, 1306, 1302, - 1301, 1291, 1304, 1294, 1295, 1298, 1302, 1305, 1300, 1300, - 1306, 1308, 1309, 1307, 1297, 1301, 1307, 1310, 1311, 1298, - 1313, 1317, 0, 1316, 1304, 1303, 1302, 1314, 1317, 1304, - 1319, 1307, 1305, 1311, 1305, 1310, 1308, 1316, 1308, 1309, - 1307, 1319, 1313, 1307, 1310, 1311, 1318, 1313, 1317, 1314, - - 1316, 1321, 1324, 1323, 1314, 1318, 1325, 1319, 1325, 1326, - 1327, 1329, 1330, 1328, 1324, 1335, 0, 1339, 1331, 0, - 1330, 1332, 1321, 1318, 1323, 1341, 1345, 1326, 1321, 1324, - 1323, 1328, 1333, 1325, 1335, 1340, 1326, 1327, 1329, 1330, - 1328, 1331, 1335, 1332, 1339, 1331, 1333, 1334, 1332, 1336, - 1343, 1334, 1341, 1340, 1342, 1344, 1336, 1345, 1347, 1333, - 1352, 1346, 1340, 1355, 1344, 1343, 1349, 1350, 1349, 1351, - 1353, 1356, 1352, 1351, 1355, 1354, 1336, 1343, 1334, 1358, - 1342, 1342, 1344, 1346, 1354, 1347, 1357, 1352, 1346, 1350, - 1355, 1358, 1353, 1349, 1350, 1359, 1351, 1353, 1356, 1360, - - 1360, 1364, 1354, 1361, 1363, 1364, 1358, 1365, 1366, 1357, - 1365, 1361, 1363, 1357, 1367, 1369, 1366, 1359, 1368, 1371, - 1367, 1369, 1359, 1372, 1373, 1375, 1360, 1374, 1364, 1376, - 1361, 1363, 1377, 1368, 1365, 1366, 1378, 1379, 1373, 1375, - 1374, 1367, 1369, 1380, 1383, 1368, 1371, 1372, 1381, 1379, - 1372, 1373, 1375, 1384, 1374, 1376, 1376, 1380, 1382, 1377, - 1385, 1382, 1387, 1378, 1379, 1386, 1389, 1390, 1388, 1393, - 1380, 1383, 1394, 1386, 1381, 1381, 1382, 1388, 1391, 1396, - 1384, 1398, 1395, 1401, 0, 1382, 1391, 1385, 1382, 1387, - 1395, 1393, 1386, 1389, 1390, 1388, 1393, 1399, 1397, 1394, - - 1400, 1403, 1398, 1402, 1404, 1391, 1396, 1397, 1398, 1395, - 1401, 1402, 1404, 1403, 1405, 1400, 1407, 1409, 1408, 1411, - 0, 1399, 1408, 1407, 1399, 1397, 1400, 1400, 1403, 1409, - 1402, 1404, 1410, 1413, 1414, 1414, 1415, 1418, 1416, 1412, - 1421, 1405, 1400, 1407, 1409, 1408, 1411, 1412, 1419, 1420, - 1423, 1420, 1418, 1426, 1421, 1410, 1416, 1424, 1429, 1410, - 1413, 1414, 1415, 1415, 1418, 1416, 1412, 1421, 1422, 1425, - 1419, 1426, 1423, 1427, 1422, 1419, 1420, 1423, 1430, 1424, - 1426, 1425, 1435, 1432, 1424, 1428, 1434, 1436, 0, 1429, - 1432, 1427, 1443, 0, 1437, 1422, 1425, 0, 1428, 1440, - - 1427, 1430, 1437, 1445, 1434, 1430, 1441, 1443, 1435, 1435, - 1432, 1440, 1428, 1434, 1446, 1438, 1447, 1438, 1436, 1443, - 1437, 1437, 1438, 1447, 1441, 1448, 1440, 1445, 1449, 1437, - 1445, 1451, 1452, 1441, 1453, 1454, 1446, 1457, 1455, 1456, - 1448, 1446, 1438, 1447, 1438, 1452, 1459, 1456, 1460, 1461, - 1454, 1455, 1448, 0, 1469, 1449, 1462, 1466, 1451, 1452, - 1453, 1453, 1454, 1457, 1457, 1455, 1456, 1463, 1465, 1459, - 1464, 1468, 1460, 1459, 1463, 1460, 1461, 1464, 1462, 1467, - 1466, 1465, 1470, 1462, 1466, 1469, 1467, 1474, 1472, 1473, - 1482, 1482, 0, 1468, 1463, 1465, 1476, 1464, 1468, 1472, - - 1475, 1479, 1481, 1470, 1480, 1487, 1467, 1483, 1493, 1470, - 1495, 1473, 1497, 1489, 1479, 1472, 1473, 1482, 1474, 1475, - 1492, 1476, 1489, 1476, 1498, 1499, 1481, 1475, 1479, 1481, - 1480, 1480, 1487, 1483, 1483, 1493, 1499, 1495, 1501, 1500, - 1489, 1503, 1492, 1497, 1500, 1505, 1504, 1492, 1508, 1503, - 1498, 1498, 1499, 1507, 1509, 1510, 1512, 0, 1518, 1519, - 1501, 1504, 1514, 1509, 1516, 1501, 1500, 1510, 1503, 1515, - 1517, 1507, 1505, 1504, 1520, 1521, 1529, 1516, 1522, 1508, - 1507, 1509, 1510, 1512, 1514, 1518, 1519, 1522, 1523, 1514, - 1521, 1516, 1517, 1524, 1515, 1525, 1515, 1517, 1526, 1527, - - 1528, 1520, 1521, 1529, 1533, 1522, 1530, 1528, 1524, 1532, - 1525, 1531, 1531, 1526, 1523, 1523, 1532, 1535, 1533, 1536, - 1524, 1527, 1525, 1537, 1530, 1526, 1527, 1528, 1538, 1534, - 1535, 1533, 1534, 1530, 1539, 1540, 1532, 1538, 1531, 1539, - 1542, 1537, 1541, 1543, 1535, 1536, 1536, 1544, 1549, 1556, - 1537, 1547, 1550, 1549, 1548, 1538, 1534, 1540, 1547, 1550, - 1554, 1539, 1540, 1548, 1541, 1551, 0, 1542, 1559, 1541, - 1543, 1553, 1557, 1544, 1544, 1549, 1556, 1552, 1547, 1550, - 1553, 1548, 1558, 1551, 1552, 1560, 1554, 1554, 1559, 1563, - 1557, 1558, 1551, 1561, 1562, 1559, 1565, 1560, 1553, 1557, - - 1563, 1567, 1561, 1562, 1552, 1564, 1566, 1568, 1570, 1558, - 1567, 1571, 1560, 1564, 1569, 1574, 1563, 1572, 1571, 1568, - 1561, 1562, 1569, 1565, 1572, 1573, 1580, 1576, 1567, 1582, - 1570, 1577, 1564, 1580, 1568, 1570, 1581, 1566, 1571, 1577, - 1574, 1569, 1574, 1583, 1572, 1576, 1585, 1573, 1584, 1586, - 1588, 1589, 1573, 1580, 1576, 1583, 1582, 1584, 1577, 1590, - 1581, 1593, 1588, 1581, 1595, 1591, 1596, 0, 1600, 1602, - 1583, 0, 1586, 1585, 1589, 1584, 1586, 1588, 1589, 1591, - 1601, 1594, 1603, 1602, 1604, 1601, 1590, 0, 1593, 1594, - 1605, 1595, 1591, 1596, 1600, 1600, 1602, 1606, 1609, 1607, - - 1603, 1610, 1612, 1613, 1614, 1606, 1604, 1601, 1594, 1603, - 1609, 1604, 1605, 1611, 1612, 1616, 1615, 1605, 1607, 1617, - 1619, 1620, 1618, 1610, 1606, 1609, 1607, 1623, 1610, 1612, - 1613, 1614, 1624, 1625, 0, 1611, 1615, 1616, 1631, 1626, - 1611, 1623, 1616, 1615, 1618, 1628, 1627, 1619, 1620, 1618, - 1617, 1629, 1630, 1631, 1623, 0, 1625, 1628, 1633, 1634, - 1625, 1626, 1635, 1624, 1627, 1631, 1626, 0, 0, 1636, - 1629, 1635, 1628, 1627, 1630, 1637, 1638, 1640, 1629, 1630, - 1639, 1634, 1633, 1636, 1642, 1633, 1634, 1645, 1649, 1635, - 1643, 1644, 1642, 1637, 1638, 1640, 1636, 1643, 1647, 1644, - - 1646, 1648, 1637, 1638, 1640, 0, 1639, 1639, 1646, 1651, - 1652, 1642, 1650, 1648, 1645, 1649, 1647, 1643, 1644, 1653, - 1650, 1654, 1656, 1661, 1659, 1647, 1663, 1646, 1648, 1660, - 1657, 1665, 1651, 1669, 1668, 1661, 1651, 1652, 1653, 1650, - 1656, 1668, 1660, 1654, 1657, 1670, 1653, 1659, 1654, 1656, - 1661, 1659, 1663, 1663, 1671, 1672, 1660, 1657, 1665, 1669, - 1669, 1668, 1673, 1674, 1675, 1677, 1676, 1678, 1685, 0, - 0, 1682, 1670, 1675, 1679, 1682, 1683, 1684, 1671, 1676, - 1683, 1671, 1672, 1688, 1690, 1689, 1689, 0, 1694, 1673, - 1674, 1675, 1709, 1676, 1678, 1689, 1677, 1679, 1684, 1685, - - 1691, 1679, 1682, 1683, 1684, 1688, 1690, 1692, 1693, 1691, - 1688, 1690, 1689, 1689, 1692, 1694, 1695, 1696, 1697, 1709, - 1698, 1693, 1699, 1703, 1695, 1700, 1697, 1691, 1701, 0, - 1703, 1702, 1704, 1704, 1692, 1693, 1696, 0, 1705, 1701, - 1713, 1714, 1710, 1695, 1696, 1697, 1698, 1698, 1699, 1699, - 1703, 1700, 1700, 1702, 1706, 1701, 1705, 1707, 1702, 1704, - 1717, 1706, 1711, 1714, 1707, 1705, 1710, 1713, 1714, 1710, - 1716, 1711, 1718, 1719, 1720, 1723, 1721, 0, 1722, 1716, - 1721, 1706, 1732, 1726, 1707, 1725, 1720, 1717, 1728, 1711, - 1728, 1719, 1722, 1723, 1733, 1718, 1734, 1716, 1726, 1718, - - 1719, 1720, 1723, 1725, 1732, 1722, 1736, 1721, 1737, 1732, - 1726, 1737, 1725, 1739, 1734, 1728, 1742, 1741, 1740, 1743, - 1733, 1733, 1745, 1734, 1741, 1743, 1744, 1746, 1736, 1748, - 1747, 1745, 1747, 1736, 1737, 1737, 1740, 1752, 1737, 1751, - 1739, 1753, 1750, 1755, 1741, 1740, 1743, 1742, 1744, 1745, - 1750, 1751, 1754, 1744, 1756, 1753, 1748, 1747, 1746, 1757, - 1761, 1755, 1759, 1758, 1752, 1756, 1751, 1757, 1753, 1750, - 1755, 1760, 1760, 1764, 1765, 1754, 1767, 1762, 1770, 1754, - 1768, 1756, 1758, 1773, 1759, 1762, 1757, 1761, 1771, 1759, - 1758, 1773, 1772, 0, 1775, 1771, 1772, 1778, 1760, 1776, - - 1764, 1765, 1768, 1767, 1762, 1770, 1777, 1768, 1779, 1780, - 1773, 1777, 1776, 1781, 1783, 1771, 1782, 1780, 1784, 1772, - 1775, 1775, 1785, 1782, 1778, 1788, 1776, 1789, 1781, 1787, - 1791, 1790, 1788, 1777, 1792, 1779, 1780, 1794, 1791, 1796, - 1781, 1783, 1784, 1782, 1787, 1784, 1799, 1797, 1785, 1785, - 1800, 1789, 1788, 1790, 1789, 1797, 1787, 1791, 1790, 1793, - 1793, 1802, 1801, 1803, 1794, 1792, 1796, 1804, 1805, 1793, - 1806, 1808, 1800, 1799, 1797, 1801, 1812, 1800, 1814, 1818, - 1815, 1817, 1819, 1802, 1816, 1823, 1793, 1793, 1802, 1801, - 1803, 1816, 1806, 1815, 1804, 1805, 1822, 1806, 1808, 1817, - - 1824, 1829, 1812, 1812, 1819, 1814, 1818, 1815, 1817, 1819, - 1826, 1816, 1823, 1827, 1828, 1822, 1829, 1826, 1832, 1830, - 1827, 1831, 1824, 1822, 1833, 1833, 1834, 1824, 1829, 1832, - 1831, 1840, 1834, 1835, 1833, 1838, 1828, 1826, 1830, 1841, - 1827, 1828, 1838, 1846, 1842, 1832, 1830, 1850, 1831, 1848, - 1851, 1833, 1833, 1834, 1854, 1835, 1852, 0, 1840, 1851, - 1835, 1855, 1838, 1859, 1858, 1860, 1841, 1842, 1861, 1852, - 1846, 1842, 1848, 1855, 1850, 1857, 1848, 1851, 1862, 1866, - 1869, 1854, 1858, 1852, 1857, 1863, 1864, 1863, 1855, 1859, - 1859, 1858, 1860, 1865, 1867, 1861, 1868, 1872, 1864, 1865, - - 1862, 1866, 1857, 1874, 1868, 1862, 1866, 1869, 1876, 1877, - 1879, 1882, 1863, 1864, 1880, 1881, 1867, 1886, 1887, 1885, - 1865, 1867, 1888, 1868, 1872, 1879, 1876, 1881, 1895, 0, - 1874, 1887, 0, 1897, 0, 1876, 1877, 1879, 1882, 1889, - 1880, 1880, 1881, 1885, 1888, 1887, 1885, 1889, 1886, 1888, - 1890, 1891, 1895, 1901, 1898, 1895, 1897, 1899, 1902, 1890, - 1897, 1898, 1891, 1903, 1904, 1905, 1889, 1907, 1908, 1901, - 1899, 1903, 1902, 1904, 1909, 1908, 1905, 1890, 1891, 1907, - 1901, 1898, 1910, 1911, 1899, 1902, 1906, 1912, 1906, 1913, - 1903, 1904, 1905, 1914, 1907, 1908, 1915, 1917, 1915, 1918, - - 1910, 1909, 1919, 1925, 1926, 1916, 1921, 0, 0, 1910, - 1911, 1913, 1918, 1906, 1912, 1914, 1913, 1916, 1921, 1924, - 1914, 1936, 1928, 1915, 1927, 0, 1918, 1924, 1917, 1919, - 1929, 1931, 1916, 1921, 1925, 1926, 1928, 1927, 1929, 1932, - 1933, 1934, 1935, 1936, 1931, 1938, 1924, 1932, 1936, 1928, - 1935, 1927, 1937, 1938, 1933, 1934, 1939, 1929, 1931, 1940, - 1944, 1945, 1941, 1942, 0, 1943, 1932, 1933, 1934, 1935, - 1947, 0, 1938, 1943, 1937, 1946, 1949, 0, 1947, 1937, - 0, 1940, 1939, 1939, 1941, 1942, 1940, 1953, 1945, 1941, - 1942, 1944, 1943, 1948, 1951, 1946, 1950, 1947, 1954, 1956, - - 1958, 1948, 1946, 1955, 1950, 1957, 1954, 1949, 1951, 1953, - 1959, 1955, 1960, 1956, 1953, 1961, 1963, 1965, 1959, 0, - 1948, 1951, 1958, 1950, 1962, 1954, 1956, 1958, 0, 1966, - 1955, 1957, 1957, 1967, 0, 1969, 1963, 1959, 1960, 1960, - 1964, 1961, 1961, 1963, 1965, 0, 1962, 1968, 1964, 1966, - 1970, 1962, 1976, 1967, 1972, 1968, 1966, 1969, 1970, 1980, - 1967, 1973, 1969, 1974, 1975, 1977, 0, 1964, 1979, 1981, - 1982, 1974, 1975, 1977, 1968, 1983, 1972, 1970, 1976, 1976, - 1984, 1972, 1986, 1973, 1989, 1978, 1980, 1992, 1973, 1981, - 1974, 1975, 1977, 1978, 1979, 1979, 1981, 1982, 1993, 0, - - 1984, 0, 1983, 0, 1986, 1990, 1989, 1984, 1991, 1986, - 0, 1989, 1978, 1990, 1992, 0, 1991, 0, 0, 0, - 0, 0, 0, 0, 0, 1993, 0, 0, 0, 0, - 0, 0, 1990, 0, 0, 1991, 1997, 1997, 1997, 1997, - 1997, 1997, 1997, 1998, 1998, 1998, 1998, 1998, 1998, 1998, - 1999, 1999, 1999, 1999, 1999, 1999, 1999, 2000, 2000, 2000, - 2000, 2000, 2000, 2000, 2001, 2001, 2001, 2001, 2001, 2001, - 2001, 2003, 2003, 0, 2003, 2003, 2003, 2003, 2004, 2004, - 0, 0, 0, 2004, 2004, 2005, 2005, 0, 0, 2005, - 0, 2005, 2006, 0, 0, 0, 0, 0, 2006, 2007, - - 2007, 0, 0, 0, 2007, 2007, 2008, 0, 0, 0, - 0, 0, 2008, 2009, 2009, 0, 2009, 2009, 2009, 2009, - 2010, 2010, 0, 2010, 2010, 2010, 2010, 1996, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, - 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, 1996, - 1996, 1996, 1996 - + 1, 1, 1, 1, 1, 1, 3, 3, 3, 4, + 4, 4, 5, 5, 6, 6, 5, 27, 6, 7, + 7, 7, 7, 671, 7, 8, 8, 8, 8, 27, + 8, 9, 9, 9, 10, 10, 10, 15, 45, 45, + + 2170, 15, 23, 3, 27, 50, 4, 769, 50, 5, + 19, 6, 19, 19, 671, 19, 140, 7, 29, 61, + 61, 19, 23, 8, 138, 23, 20, 20, 9, 23, + 29, 10, 11, 11, 11, 11, 11, 11, 12, 12, + 12, 12, 12, 12, 20, 29, 24, 137, 19, 23, + 20, 25, 11, 20, 20, 21, 75, 32, 12, 25, + 24, 70, 21, 32, 853, 70, 21, 96, 28, 21, + 11, 20, 24, 24, 132, 132, 12, 25, 25, 11, + 75, 21, 21, 75, 32, 12, 25, 24, 26, 21, + 28, 26, 853, 21, 30, 28, 21, 22, 26, 96, + + 26, 22, 30, 135, 22, 116, 22, 22, 30, 133, + 31, 26, 30, 34, 31, 26, 77, 116, 26, 22, + 30, 30, 76, 77, 22, 26, 34, 26, 22, 30, + 31, 22, 116, 22, 22, 30, 31, 31, 35, 30, + 34, 31, 35, 77, 134, 76, 37, 134, 37, 76, + 100, 131, 35, 100, 38, 35, 84, 31, 33, 38, + 68, 84, 33, 37, 35, 35, 39, 38, 33, 35, + 39, 33, 37, 37, 39, 37, 80, 100, 33, 35, + 33, 38, 35, 84, 62, 33, 38, 139, 139, 33, + 37, 66, 39, 39, 80, 33, 125, 39, 33, 85, + + 762, 39, 125, 80, 66, 33, 36, 85, 40, 36, + 40, 40, 56, 40, 56, 56, 36, 56, 66, 40, + 36, 36, 64, 125, 64, 64, 85, 64, 36, 67, + 762, 67, 67, 36, 67, 69, 36, 69, 69, 72, + 69, 72, 72, 36, 72, 78, 69, 36, 36, 81, + 72, 87, 79, 82, 83, 83, 57, 86, 78, 82, + 64, 79, 81, 83, 87, 52, 88, 89, 92, 78, + 51, 266, 78, 88, 82, 86, 81, 72, 87, 79, + 82, 83, 83, 89, 93, 78, 82, 90, 91, 86, + 94, 92, 97, 88, 89, 92, 90, 91, 266, 101, + + 97, 46, 86, 94, 95, 98, 93, 95, 104, 99, + 103, 93, 101, 99, 90, 91, 102, 94, 105, 97, + 95, 95, 104, 109, 41, 98, 101, 98, 95, 14, + 103, 95, 98, 99, 95, 104, 99, 103, 105, 102, + 99, 106, 107, 102, 108, 105, 109, 95, 95, 107, + 109, 110, 98, 108, 111, 106, 112, 114, 111, 115, + 110, 113, 117, 112, 114, 115, 119, 120, 106, 107, + 117, 108, 13, 115, 0, 122, 111, 0, 110, 0, + 119, 111, 121, 112, 114, 111, 115, 113, 113, 117, + 118, 123, 115, 119, 118, 122, 124, 121, 0, 120, + + 123, 122, 122, 118, 126, 127, 129, 124, 130, 121, + 0, 128, 0, 0, 0, 129, 0, 118, 123, 0, + 0, 118, 122, 124, 144, 126, 128, 127, 145, 126, + 130, 126, 127, 129, 136, 130, 136, 136, 128, 136, + 141, 146, 141, 141, 142, 141, 142, 142, 144, 142, + 145, 144, 126, 147, 149, 145, 148, 150, 0, 152, + 153, 154, 149, 151, 157, 147, 152, 154, 0, 150, + 155, 0, 156, 146, 160, 148, 0, 176, 153, 0, + 147, 149, 142, 148, 150, 151, 152, 153, 230, 162, + 151, 158, 155, 154, 154, 158, 157, 155, 156, 156, + + 160, 160, 161, 163, 164, 165, 168, 167, 164, 176, + 161, 162, 158, 0, 166, 170, 162, 230, 168, 158, + 167, 0, 158, 0, 170, 163, 171, 172, 165, 161, + 163, 164, 165, 168, 167, 177, 166, 179, 0, 158, + 159, 166, 170, 169, 174, 159, 169, 180, 171, 172, + 159, 174, 0, 171, 172, 175, 159, 159, 169, 173, + 182, 177, 177, 159, 173, 180, 175, 159, 178, 179, + 169, 174, 159, 169, 180, 181, 173, 159, 173, 178, + 184, 181, 175, 159, 159, 173, 173, 183, 185, 0, + 186, 173, 182, 0, 187, 188, 191, 189, 190, 192, + + 178, 191, 181, 173, 189, 173, 178, 194, 187, 183, + 186, 201, 184, 193, 183, 203, 188, 186, 192, 190, + 185, 187, 188, 191, 189, 190, 192, 193, 196, 194, + 195, 197, 198, 199, 194, 207, 200, 205, 197, 196, + 193, 200, 195, 201, 202, 202, 206, 203, 210, 212, + 0, 0, 218, 202, 198, 196, 199, 195, 197, 198, + 199, 204, 205, 200, 205, 209, 206, 207, 204, 208, + 211, 202, 202, 206, 210, 210, 220, 208, 213, 214, + 209, 212, 215, 214, 218, 217, 216, 221, 204, 219, + 0, 223, 209, 211, 216, 213, 208, 215, 225, 221, + + 223, 0, 211, 213, 217, 213, 214, 227, 220, 215, + 222, 219, 217, 216, 221, 224, 219, 225, 223, 226, + 211, 226, 213, 222, 228, 225, 229, 231, 224, 232, + 234, 227, 233, 235, 227, 0, 231, 222, 236, 239, + 237, 234, 224, 238, 241, 235, 226, 242, 244, 228, + 0, 228, 229, 229, 231, 232, 232, 234, 233, 233, + 235, 238, 236, 237, 240, 236, 243, 237, 245, 246, + 238, 239, 248, 242, 242, 245, 241, 240, 246, 247, + 244, 249, 252, 251, 0, 247, 248, 250, 243, 253, + 257, 240, 251, 243, 254, 245, 246, 0, 253, 248, + + 256, 258, 259, 255, 0, 252, 247, 249, 249, 252, + 251, 250, 255, 272, 250, 256, 253, 259, 261, 262, + 254, 254, 257, 260, 263, 258, 0, 256, 258, 259, + 255, 260, 260, 264, 260, 0, 261, 262, 263, 267, + 272, 260, 0, 262, 268, 261, 262, 268, 264, 278, + 260, 263, 265, 265, 268, 269, 278, 270, 260, 260, + 264, 260, 274, 267, 262, 271, 267, 269, 273, 275, + 277, 268, 276, 280, 268, 270, 278, 265, 282, 265, + 265, 275, 269, 271, 270, 277, 279, 283, 274, 274, + 273, 412, 271, 281, 276, 273, 275, 277, 279, 276, + + 281, 284, 285, 286, 285, 280, 289, 284, 0, 283, + 282, 0, 292, 279, 283, 290, 286, 288, 412, 292, + 281, 0, 287, 284, 293, 287, 285, 287, 284, 285, + 286, 285, 291, 287, 284, 288, 293, 290, 289, 292, + 291, 295, 290, 294, 288, 296, 291, 305, 298, 287, + 300, 293, 287, 299, 287, 300, 294, 295, 296, 291, + 298, 303, 0, 301, 343, 295, 302, 291, 295, 301, + 294, 299, 296, 303, 302, 298, 304, 306, 343, 305, + 299, 306, 300, 304, 295, 297, 297, 307, 303, 308, + 301, 343, 0, 302, 307, 297, 308, 297, 297, 297, + + 0, 310, 297, 304, 306, 309, 311, 312, 313, 316, + 297, 0, 297, 297, 307, 313, 308, 309, 311, 314, + 318, 319, 297, 310, 297, 297, 297, 315, 310, 297, + 321, 318, 309, 311, 314, 313, 317, 321, 317, 312, + 315, 316, 322, 319, 320, 320, 314, 318, 319, 323, + 325, 324, 0, 322, 315, 0, 326, 321, 328, 327, + 323, 0, 332, 317, 324, 0, 0, 328, 329, 322, + 331, 335, 334, 320, 327, 325, 323, 325, 324, 326, + 330, 329, 327, 326, 332, 328, 327, 333, 331, 332, + 334, 330, 337, 330, 336, 329, 341, 331, 330, 334, + + 336, 327, 338, 335, 339, 340, 342, 330, 344, 345, + 333, 0, 340, 337, 333, 346, 368, 348, 330, 337, + 330, 336, 341, 341, 347, 338, 339, 349, 342, 338, + 347, 339, 340, 342, 344, 344, 352, 350, 346, 348, + 351, 345, 346, 353, 348, 349, 354, 355, 368, 356, + 0, 347, 350, 355, 349, 351, 358, 0, 360, 352, + 359, 361, 0, 352, 350, 362, 359, 351, 354, 353, + 353, 363, 362, 354, 355, 356, 356, 360, 392, 361, + 372, 367, 358, 358, 369, 360, 363, 359, 361, 366, + 370, 365, 362, 365, 367, 373, 366, 371, 363, 372, + + 365, 374, 369, 375, 392, 392, 376, 372, 367, 377, + 371, 369, 370, 409, 380, 379, 366, 370, 365, 376, + 365, 379, 409, 382, 371, 374, 375, 373, 374, 378, + 0, 377, 381, 376, 378, 375, 377, 380, 383, 384, + 409, 380, 379, 387, 381, 382, 388, 384, 386, 383, + 382, 387, 389, 375, 390, 386, 378, 388, 0, 381, + 394, 391, 389, 0, 395, 383, 384, 385, 391, 393, + 387, 393, 385, 388, 385, 386, 395, 0, 390, 0, + 396, 390, 385, 407, 389, 385, 394, 394, 391, 389, + 397, 395, 385, 385, 385, 396, 393, 398, 399, 385, + + 400, 385, 397, 399, 403, 398, 402, 396, 401, 385, + 411, 404, 385, 406, 402, 407, 403, 397, 413, 385, + 410, 415, 400, 0, 398, 399, 401, 400, 408, 411, + 414, 403, 404, 402, 410, 401, 406, 411, 404, 416, + 406, 417, 419, 408, 418, 414, 420, 410, 421, 422, + 413, 421, 425, 415, 416, 408, 418, 414, 423, 421, + 422, 426, 428, 423, 419, 417, 416, 424, 417, 419, + 420, 418, 427, 420, 429, 421, 422, 430, 421, 425, + 431, 424, 0, 432, 433, 435, 431, 434, 426, 428, + 423, 436, 433, 437, 424, 441, 0, 439, 0, 442, + + 0, 429, 443, 0, 427, 432, 434, 431, 435, 430, + 432, 433, 435, 438, 434, 443, 437, 446, 440, 439, + 437, 442, 438, 436, 439, 440, 442, 441, 444, 443, + 445, 448, 447, 444, 449, 450, 451, 444, 0, 445, + 438, 447, 453, 446, 446, 440, 0, 452, 450, 454, + 0, 455, 444, 448, 463, 444, 449, 445, 448, 447, + 444, 449, 450, 456, 444, 452, 453, 0, 451, 453, + 457, 454, 454, 455, 452, 458, 454, 459, 455, 462, + 461, 457, 460, 0, 464, 456, 463, 468, 465, 458, + 456, 461, 466, 470, 462, 467, 468, 457, 454, 459, + + 460, 471, 458, 473, 459, 464, 462, 461, 469, 460, + 472, 464, 465, 0, 468, 465, 466, 467, 474, 466, + 476, 469, 467, 471, 475, 470, 478, 473, 471, 475, + 473, 0, 477, 479, 476, 469, 480, 481, 482, 0, + 474, 479, 472, 484, 483, 474, 477, 476, 484, 0, + 485, 0, 481, 482, 480, 486, 475, 486, 478, 477, + 479, 481, 487, 480, 481, 482, 483, 489, 495, 0, + 488, 483, 490, 494, 491, 484, 485, 485, 488, 481, + 492, 490, 486, 491, 493, 0, 495, 487, 492, 487, + 496, 493, 489, 499, 489, 495, 494, 488, 498, 490, + + 494, 491, 496, 497, 500, 499, 498, 492, 501, 0, + 502, 493, 497, 503, 0, 504, 501, 496, 502, 506, + 499, 507, 0, 508, 510, 498, 0, 505, 0, 0, + 497, 508, 507, 509, 511, 501, 500, 502, 504, 503, + 503, 506, 504, 505, 510, 512, 506, 509, 507, 513, + 508, 510, 514, 515, 505, 516, 511, 518, 523, 517, + 509, 511, 515, 519, 523, 512, 520, 521, 528, 522, + 518, 513, 512, 0, 514, 516, 513, 517, 0, 514, + 515, 519, 516, 525, 518, 523, 517, 524, 520, 527, + 519, 521, 522, 520, 521, 524, 522, 527, 529, 533, + + 528, 525, 531, 530, 0, 529, 532, 0, 534, 535, + 525, 540, 551, 524, 524, 532, 527, 531, 535, 536, + 547, 536, 524, 540, 543, 529, 530, 534, 549, 531, + 530, 533, 537, 532, 543, 534, 535, 0, 540, 537, + 0, 547, 548, 546, 551, 550, 536, 547, 0, 580, + 0, 543, 554, 553, 549, 549, 558, 555, 554, 537, + 538, 546, 557, 0, 538, 548, 555, 538, 559, 548, + 546, 550, 550, 560, 538, 553, 556, 538, 556, 554, + 553, 580, 538, 558, 555, 561, 557, 538, 559, 557, + 564, 538, 562, 563, 538, 559, 0, 561, 567, 560, + + 560, 538, 565, 556, 538, 552, 552, 0, 552, 566, + 0, 552, 561, 567, 564, 563, 552, 564, 562, 562, + 563, 569, 552, 552, 565, 567, 572, 571, 569, 565, + 573, 552, 552, 552, 566, 552, 566, 568, 552, 570, + 577, 581, 573, 552, 576, 568, 571, 570, 569, 552, + 552, 575, 572, 572, 571, 574, 578, 573, 579, 576, + 575, 593, 577, 582, 568, 583, 570, 577, 574, 584, + 585, 576, 586, 581, 588, 590, 587, 591, 575, 0, + 579, 586, 574, 578, 0, 579, 583, 582, 584, 585, + 582, 592, 583, 593, 588, 591, 584, 585, 587, 586, + + 589, 588, 590, 587, 591, 594, 596, 597, 589, 599, + 592, 598, 603, 594, 601, 600, 604, 602, 592, 604, + 608, 607, 0, 0, 596, 597, 0, 589, 600, 602, + 603, 599, 594, 596, 597, 598, 599, 605, 598, 603, + 601, 601, 600, 604, 602, 605, 607, 608, 607, 609, + 611, 610, 612, 613, 617, 609, 611, 615, 613, 612, + 614, 605, 616, 617, 605, 619, 618, 614, 623, 621, + 622, 620, 605, 610, 618, 615, 609, 611, 610, 612, + 613, 617, 621, 619, 615, 616, 620, 614, 626, 616, + 625, 622, 619, 618, 624, 623, 621, 622, 620, 627, + + 628, 624, 629, 625, 0, 632, 631, 630, 634, 633, + 629, 632, 637, 638, 635, 630, 636, 625, 0, 640, + 626, 624, 630, 628, 642, 636, 637, 628, 631, 629, + 639, 627, 632, 631, 630, 633, 633, 639, 635, 637, + 634, 635, 630, 636, 641, 638, 640, 643, 645, 644, + 647, 642, 646, 641, 648, 646, 645, 639, 649, 643, + 652, 648, 0, 647, 649, 659, 653, 0, 0, 651, + 659, 641, 644, 0, 643, 645, 644, 647, 653, 646, + 654, 648, 654, 652, 657, 649, 650, 652, 650, 655, + 656, 0, 650, 653, 650, 651, 651, 659, 0, 650, + + 661, 658, 656, 664, 650, 660, 657, 654, 662, 665, + 650, 657, 655, 650, 658, 650, 655, 656, 660, 650, + 662, 650, 665, 661, 663, 664, 650, 661, 658, 667, + 664, 650, 660, 666, 663, 662, 665, 668, 669, 666, + 670, 674, 667, 0, 0, 0, 663, 673, 683, 0, + 678, 663, 675, 0, 676, 0, 667, 677, 668, 686, + 666, 663, 673, 674, 668, 675, 679, 670, 674, 676, + 669, 672, 678, 680, 673, 683, 672, 678, 672, 675, + 681, 676, 682, 677, 677, 679, 680, 684, 681, 672, + 682, 686, 689, 679, 687, 690, 672, 672, 672, 0, + + 680, 0, 691, 672, 688, 672, 689, 681, 693, 682, + 684, 695, 688, 704, 684, 694, 672, 692, 687, 689, + 0, 687, 695, 672, 691, 692, 693, 690, 696, 691, + 698, 688, 697, 694, 699, 693, 700, 0, 695, 0, + 697, 699, 694, 701, 692, 704, 696, 702, 703, 700, + 701, 706, 698, 714, 707, 696, 709, 698, 708, 697, + 710, 699, 707, 700, 706, 702, 703, 708, 709, 711, + 701, 712, 713, 715, 702, 703, 725, 718, 706, 714, + 714, 707, 710, 709, 719, 708, 716, 710, 718, 719, + 713, 711, 720, 712, 0, 720, 711, 721, 712, 713, + + 716, 722, 723, 724, 718, 715, 728, 727, 725, 723, + 726, 735, 728, 716, 722, 724, 719, 726, 720, 720, + 729, 721, 720, 731, 721, 730, 732, 0, 722, 723, + 724, 727, 735, 728, 727, 736, 730, 726, 735, 733, + 737, 738, 729, 746, 0, 731, 736, 729, 732, 740, + 731, 739, 730, 732, 733, 741, 742, 744, 740, 745, + 0, 737, 736, 743, 744, 742, 733, 737, 738, 739, + 747, 743, 748, 745, 751, 746, 740, 752, 739, 741, + 750, 753, 741, 742, 744, 754, 745, 755, 756, 750, + 743, 757, 747, 752, 748, 758, 753, 747, 751, 748, + + 756, 751, 759, 760, 752, 761, 764, 750, 753, 766, + 759, 766, 763, 757, 770, 756, 760, 754, 757, 755, + 761, 763, 758, 765, 764, 771, 768, 770, 772, 759, + 760, 765, 761, 764, 768, 772, 766, 771, 773, 763, + 774, 770, 775, 0, 0, 0, 776, 778, 779, 0, + 765, 0, 771, 768, 777, 772, 780, 786, 782, 783, + 778, 779, 0, 0, 775, 781, 782, 793, 784, 775, + 773, 776, 774, 776, 778, 779, 777, 781, 780, 783, + 784, 777, 785, 780, 786, 782, 783, 787, 788, 789, + 785, 790, 781, 793, 793, 784, 798, 788, 790, 794, + + 787, 0, 795, 797, 801, 798, 791, 799, 0, 785, + 789, 796, 801, 800, 787, 788, 789, 791, 790, 802, + 791, 794, 795, 798, 796, 799, 794, 797, 791, 795, + 797, 801, 805, 791, 799, 800, 807, 803, 796, 806, + 800, 802, 809, 808, 791, 803, 802, 791, 810, 813, + 809, 811, 812, 0, 807, 808, 815, 813, 822, 805, + 810, 816, 806, 807, 803, 815, 806, 812, 814, 809, + 808, 811, 817, 818, 814, 810, 813, 0, 811, 812, + 818, 823, 816, 815, 817, 819, 820, 824, 816, 825, + 822, 835, 819, 826, 823, 814, 825, 829, 828, 817, + + 818, 832, 827, 828, 820, 829, 824, 831, 823, 830, + 0, 833, 819, 820, 824, 826, 825, 827, 836, 834, + 826, 831, 830, 835, 829, 833, 837, 832, 832, 827, + 828, 838, 839, 840, 831, 841, 830, 834, 833, 843, + 842, 844, 846, 845, 836, 836, 834, 842, 837, 838, + 847, 846, 848, 837, 839, 840, 845, 843, 838, 839, + 840, 841, 841, 844, 849, 850, 843, 842, 844, 846, + 845, 0, 856, 0, 854, 0, 859, 0, 860, 852, + 858, 0, 847, 860, 848, 857, 849, 0, 850, 858, + 854, 849, 850, 851, 859, 856, 861, 857, 851, 856, + + 851, 854, 851, 859, 851, 852, 852, 858, 862, 861, + 860, 851, 857, 863, 864, 865, 867, 866, 0, 871, + 851, 863, 869, 861, 869, 851, 862, 851, 865, 851, + 866, 851, 870, 864, 867, 862, 868, 873, 872, 876, + 863, 864, 865, 867, 866, 868, 871, 875, 877, 869, + 872, 878, 880, 879, 870, 881, 877, 883, 0, 870, + 879, 876, 882, 868, 873, 872, 876, 886, 882, 884, + 885, 875, 888, 887, 875, 877, 884, 881, 878, 880, + 879, 889, 881, 890, 883, 891, 886, 892, 894, 882, + 889, 895, 885, 897, 886, 887, 884, 885, 888, 888, + + 887, 892, 896, 898, 890, 891, 900, 899, 889, 901, + 890, 902, 891, 904, 892, 899, 905, 904, 902, 903, + 894, 898, 900, 895, 896, 897, 903, 908, 907, 896, + 898, 906, 909, 900, 899, 907, 901, 906, 902, 911, + 904, 910, 908, 914, 906, 909, 903, 915, 905, 912, + 910, 913, 914, 913, 908, 907, 912, 916, 906, 909, + 918, 0, 922, 917, 906, 911, 911, 917, 910, 915, + 914, 920, 921, 923, 915, 924, 912, 921, 913, 920, + 922, 926, 918, 925, 916, 929, 925, 918, 924, 922, + 917, 927, 923, 928, 0, 925, 930, 932, 920, 931, + + 923, 941, 924, 926, 921, 932, 928, 935, 926, 941, + 925, 933, 933, 925, 939, 931, 927, 929, 927, 930, + 928, 934, 936, 930, 932, 937, 931, 940, 941, 935, + 934, 936, 937, 943, 935, 942, 940, 939, 933, 944, + 0, 939, 947, 945, 0, 946, 943, 948, 934, 936, + 942, 944, 937, 946, 940, 945, 949, 951, 954, 950, + 943, 952, 942, 957, 947, 953, 944, 948, 950, 947, + 945, 956, 946, 958, 948, 951, 955, 953, 949, 954, + 959, 962, 955, 949, 951, 954, 950, 952, 952, 960, + 963, 964, 953, 956, 968, 957, 0, 966, 956, 967, + + 0, 965, 968, 955, 971, 958, 959, 959, 962, 964, + 965, 971, 967, 963, 975, 960, 960, 963, 964, 966, + 969, 968, 970, 978, 966, 969, 967, 970, 965, 972, + 973, 971, 974, 976, 976, 977, 979, 972, 973, 980, + 974, 0, 0, 977, 978, 981, 975, 980, 987, 988, + 978, 984, 969, 981, 970, 982, 972, 973, 986, 974, + 976, 983, 977, 982, 984, 985, 980, 0, 979, 983, + 986, 985, 981, 988, 987, 987, 988, 990, 984, 989, + 991, 993, 982, 994, 995, 986, 992, 1000, 983, 1006, + 998, 0, 985, 1001, 989, 993, 0, 998, 995, 996, + + 0, 994, 991, 996, 990, 1002, 989, 991, 993, 992, + 994, 995, 999, 992, 1000, 1001, 996, 998, 1003, 1007, + 1001, 1006, 1004, 999, 996, 1003, 996, 1005, 1002, 1009, + 996, 1004, 1002, 1011, 1005, 1012, 1013, 1015, 1009, 999, + 1017, 0, 1018, 996, 0, 1003, 1007, 1020, 1025, 1004, + 1021, 1022, 1024, 1018, 1005, 1011, 1009, 1023, 0, 1023, + 1011, 1012, 1012, 1022, 1015, 1024, 1027, 1017, 1013, 1018, + 1025, 1020, 1028, 1026, 1020, 1025, 1021, 1021, 1022, 1024, + 1029, 0, 1030, 1031, 1023, 1026, 1032, 1029, 1031, 1033, + 1034, 1037, 1035, 1027, 1038, 1028, 1040, 0, 1034, 1028, + + 1026, 0, 1032, 1038, 1041, 1049, 0, 1029, 1030, 1030, + 1031, 1039, 1033, 1032, 1035, 1044, 1033, 1034, 1037, 1035, + 1042, 1038, 1040, 1040, 1039, 1043, 1041, 1042, 1045, 1046, + 0, 1041, 1043, 1044, 1047, 1048, 1046, 1049, 1039, 1050, + 1051, 1053, 1044, 1054, 0, 0, 1050, 1042, 1056, 1061, + 1045, 1059, 1043, 1060, 1053, 1045, 1046, 1048, 1061, 1047, + 1063, 1047, 1048, 1055, 1058, 1067, 1050, 1058, 1053, 1056, + 1054, 1055, 1051, 1062, 1064, 1056, 1061, 1059, 1059, 1060, + 1060, 1065, 1068, 1066, 1063, 1062, 1066, 1063, 1065, 1064, + 1055, 1058, 1070, 1069, 1071, 1073, 1071, 1067, 1066, 1072, + + 1062, 1064, 1074, 1075, 1068, 1078, 1080, 1066, 1065, 1068, + 1066, 1069, 1075, 1066, 1070, 1077, 1076, 1079, 1082, 1070, + 1069, 1071, 1077, 1072, 1076, 1066, 1072, 1073, 1074, 1074, + 1075, 1081, 1083, 1084, 0, 1081, 1088, 1078, 1080, 1079, + 1082, 1085, 1077, 1076, 1079, 1082, 1086, 1087, 1089, 1088, + 1085, 1090, 1092, 1086, 1087, 1084, 1091, 0, 1081, 1083, + 1084, 1089, 1093, 1088, 1094, 1098, 1090, 1095, 1085, 1093, + 1091, 1094, 1099, 1086, 1087, 1089, 1096, 1102, 1090, 1099, + 1095, 1101, 1096, 1091, 1092, 1100, 1108, 1103, 1108, 1093, + 1103, 1094, 1098, 1101, 1095, 1104, 0, 1102, 1109, 1099, + + 1110, 1112, 1111, 1096, 1102, 1103, 1104, 1100, 1101, 1112, + 1113, 1106, 1100, 1108, 1103, 1115, 1106, 1103, 1117, 1114, + 1120, 1117, 1104, 1106, 1119, 1109, 1111, 1110, 1112, 1111, + 1114, 1116, 1113, 1115, 1118, 1122, 1117, 1113, 1106, 1116, + 1124, 1123, 1115, 1106, 1121, 1117, 1114, 1120, 1117, 1122, + 1123, 1121, 1118, 1124, 1125, 1126, 1119, 1128, 1116, 1128, + 1129, 1118, 1122, 1130, 1131, 1125, 1133, 1124, 1123, 1129, + 1126, 1121, 1134, 1137, 1132, 1131, 1135, 1139, 1137, 1135, + 1141, 1125, 1126, 1143, 1128, 1147, 1134, 1129, 1133, 1130, + 1130, 1131, 1132, 1133, 1135, 1136, 1142, 0, 1134, 1134, + + 1144, 1132, 1140, 1135, 1136, 1137, 1135, 1146, 1152, 1139, + 1148, 1140, 1141, 1134, 1146, 1143, 1152, 1147, 1142, 1149, + 1153, 1144, 1136, 1142, 1148, 1149, 1154, 1144, 1156, 1140, + 1157, 1158, 1155, 1161, 1146, 1152, 1156, 1148, 1163, 1153, + 1154, 1155, 1158, 1149, 1162, 1159, 1149, 1153, 1164, 1167, + 1171, 1162, 1149, 1154, 1159, 1156, 1165, 1166, 1158, 1155, + 1161, 1163, 1157, 1182, 1168, 1163, 1178, 1167, 1168, 1170, + 1164, 1162, 1159, 1172, 1173, 1164, 1167, 1171, 1165, 1166, + 1174, 1170, 1175, 1165, 1166, 1176, 1172, 1179, 1184, 1181, + 1182, 1168, 1177, 1176, 1173, 1174, 1170, 1175, 1178, 1177, + + 1172, 1173, 1179, 1183, 1180, 1187, 1186, 1174, 1188, 1175, + 1181, 1189, 1176, 1180, 1179, 1184, 1181, 1190, 1191, 1177, + 0, 1195, 1196, 1187, 1192, 1191, 1189, 1183, 1186, 1192, + 1183, 1180, 1187, 1186, 1193, 1188, 1194, 1196, 1189, 1195, + 1197, 0, 1190, 1193, 1190, 1191, 1198, 1199, 1195, 1196, + 1200, 1192, 1197, 1202, 1201, 1206, 1203, 1200, 1194, 1207, + 1199, 1193, 1206, 1194, 1204, 1199, 1201, 1197, 1198, 1208, + 1204, 1205, 1209, 1198, 1199, 1211, 1208, 1200, 1210, 1205, + 1202, 1201, 1206, 1212, 1210, 1213, 1207, 1199, 1203, 1214, + 1216, 1204, 1217, 1218, 1220, 0, 1208, 1221, 1205, 1209, + + 1222, 1217, 1211, 1223, 0, 1210, 1212, 1219, 0, 1219, + 1212, 1227, 0, 1214, 0, 1230, 1214, 1213, 1220, 1217, + 1230, 1220, 1216, 1233, 1221, 1218, 1222, 1222, 1231, 1224, + 1224, 1224, 1225, 1226, 1219, 1223, 1224, 1239, 1228, 1225, + 1226, 1231, 1232, 1227, 1224, 1228, 1235, 1230, 1232, 1238, + 1233, 1234, 1234, 1242, 1236, 1231, 1224, 1224, 1224, 1225, + 1226, 1236, 1237, 1224, 1239, 1228, 1244, 1237, 1243, 1232, + 1245, 1242, 1235, 1235, 1243, 1238, 1238, 1249, 1234, 1246, + 1242, 1236, 1245, 1247, 1248, 1248, 1250, 1250, 1254, 1237, + 1253, 1251, 1257, 1244, 1256, 1243, 1258, 1245, 1255, 1246, + + 1259, 1247, 1251, 1249, 1249, 1255, 1246, 1260, 1261, 1262, + 1247, 1248, 1253, 1250, 1256, 1263, 1262, 1253, 1251, 1265, + 1254, 1256, 1264, 1263, 1257, 1255, 1261, 1259, 1258, 1260, + 1266, 1267, 1267, 1268, 1260, 1261, 1262, 1264, 1269, 1266, + 1270, 1273, 1263, 1265, 1272, 1276, 1265, 1274, 1278, 1264, + 1269, 1277, 1272, 1273, 1275, 1274, 1270, 1266, 1267, 1268, + 1268, 1280, 1284, 1270, 1281, 1269, 1276, 1270, 1273, 1277, + 1281, 1272, 1276, 1282, 1274, 1278, 1285, 1275, 1277, 1279, + 1283, 1275, 1287, 1270, 1279, 1286, 1282, 1283, 1280, 1289, + 1286, 1281, 1288, 1288, 1284, 1279, 1290, 1292, 1293, 1295, + + 1282, 1295, 1296, 1285, 1289, 1294, 1279, 1283, 1297, 1298, + 1302, 1279, 1292, 1297, 1287, 1299, 1289, 1286, 1303, 1288, + 1294, 1293, 1301, 1304, 1292, 1293, 1295, 1306, 1290, 1308, + 1299, 1305, 1294, 1307, 1296, 1297, 1302, 1302, 1305, 1310, + 1309, 1298, 1299, 1312, 1314, 1303, 1301, 1315, 1317, 1301, + 1304, 1308, 0, 1319, 1307, 1320, 1308, 1310, 1305, 1306, + 1307, 1309, 1315, 1317, 1318, 1312, 1310, 1309, 1314, 1322, + 1312, 1314, 1321, 1320, 1315, 1317, 1323, 1324, 1325, 1318, + 1319, 1326, 1320, 1323, 1327, 1329, 1332, 1325, 1328, 1326, + 0, 1318, 1333, 1330, 1321, 1324, 1322, 1332, 1334, 1321, + + 1335, 1333, 1337, 1323, 1324, 1325, 1330, 1327, 1326, 1342, + 1328, 1327, 1332, 1332, 1341, 1328, 1334, 1329, 1335, 1333, + 1330, 1339, 1342, 1343, 1332, 1334, 1341, 1335, 0, 1337, + 1344, 1346, 1339, 1345, 1347, 1348, 1342, 1351, 0, 1352, + 1344, 1341, 0, 1350, 1351, 1354, 1358, 1358, 1339, 1353, + 0, 1354, 1366, 1355, 1348, 1343, 1346, 1344, 1346, 1345, + 1345, 1347, 1348, 1350, 1351, 1352, 1352, 1353, 1355, 1356, + 1350, 1357, 1354, 1358, 1362, 1359, 1353, 1366, 1360, 1366, + 1355, 1362, 1363, 1367, 1356, 1365, 1357, 1359, 0, 1363, + 1371, 1360, 1367, 1368, 1369, 0, 1356, 1372, 1357, 1360, + + 1374, 1362, 1359, 1375, 1378, 1360, 1377, 1365, 1371, 1363, + 1367, 0, 1365, 1374, 1369, 1368, 1379, 1371, 1360, 1380, + 1368, 1369, 1372, 1381, 1372, 1376, 1376, 1374, 1377, 1378, + 1375, 1378, 1381, 1377, 1383, 1382, 1384, 1385, 1379, 0, + 1386, 1380, 1382, 1379, 1389, 1388, 1380, 1390, 1394, 1391, + 1381, 1385, 1376, 1388, 1393, 1395, 1392, 1389, 1384, 1386, + 1396, 1393, 1382, 1384, 1385, 1398, 1383, 1386, 1392, 1397, + 1401, 1389, 1388, 1399, 1390, 1391, 1391, 1395, 1403, 1407, + 1394, 1393, 1395, 1392, 1397, 1396, 1400, 1396, 1402, 1400, + 1404, 1398, 1398, 0, 1402, 1401, 1397, 1401, 1408, 1399, + + 1399, 1407, 1411, 1405, 1400, 1403, 1407, 1410, 1404, 1411, + 1412, 1413, 1415, 1400, 1417, 1402, 1400, 1404, 1405, 1412, + 1408, 1410, 1413, 1421, 1418, 1408, 1419, 1420, 1419, 1411, + 1405, 1422, 1423, 1415, 1410, 1417, 1418, 1412, 1413, 1415, + 1424, 1417, 1425, 1427, 1426, 1420, 1433, 1428, 1424, 1422, + 1421, 1418, 1428, 1419, 1420, 1429, 1430, 1427, 1422, 1423, + 0, 1434, 1435, 1430, 1436, 1425, 1426, 1424, 1437, 1425, + 1427, 1426, 1439, 1433, 1429, 1434, 1440, 1438, 1441, 1428, + 1435, 1439, 1429, 1430, 1442, 1443, 1445, 1434, 1434, 1435, + 1446, 1436, 1438, 1449, 1437, 1437, 1448, 1446, 1448, 1439, + + 1441, 1455, 1434, 1452, 1438, 1441, 1450, 1443, 1440, 1445, + 1450, 1442, 1443, 1445, 1451, 1449, 1456, 1446, 1453, 1457, + 1449, 1454, 1458, 1448, 0, 1452, 1451, 1453, 1455, 1460, + 1452, 1457, 1454, 1450, 1459, 1459, 1463, 1460, 1467, 1456, + 1463, 1451, 1462, 1456, 1458, 1453, 1457, 1465, 1454, 1458, + 1462, 1464, 1466, 1467, 1464, 1465, 1460, 1471, 1466, 1470, + 1468, 1459, 1473, 1463, 1472, 1467, 1468, 1474, 1475, 1462, + 1476, 1470, 1477, 1478, 1465, 1481, 1473, 0, 1464, 1466, + 1474, 1479, 1475, 1483, 1471, 1484, 1470, 1468, 1472, 1473, + 1480, 1472, 1485, 1479, 1474, 1475, 1476, 1476, 1487, 1477, + + 1478, 1481, 1481, 1482, 1480, 1486, 1482, 1488, 1479, 1489, + 1483, 1490, 1484, 1486, 1491, 1492, 1488, 1480, 1494, 1485, + 1495, 1482, 1497, 1492, 1500, 1487, 1498, 1491, 1501, 1496, + 1482, 1499, 1486, 1482, 1488, 1498, 1489, 1496, 1490, 1502, + 1494, 1491, 1492, 1501, 1506, 1494, 1511, 1495, 1500, 1497, + 1504, 1500, 1499, 1498, 1501, 1501, 1496, 1503, 1499, 1505, + 1509, 1508, 1504, 1510, 1509, 1503, 1502, 1505, 1508, 1511, + 1501, 1506, 1512, 1511, 1513, 1510, 1514, 1504, 1515, 1519, + 1516, 1522, 1513, 1518, 1503, 1515, 1505, 1509, 1508, 1520, + 1510, 1517, 1517, 1523, 0, 1533, 1522, 1519, 1525, 1512, + + 1516, 1513, 1524, 1514, 1524, 1515, 1519, 1516, 1522, 1518, + 1518, 1526, 1525, 1527, 1520, 1523, 1520, 1526, 1517, 1528, + 1523, 1529, 1534, 1532, 1530, 1525, 1531, 1533, 1539, 1524, + 1536, 1540, 1548, 1529, 1538, 1527, 1532, 1536, 1526, 1541, + 1527, 1528, 1530, 1548, 1531, 1534, 1528, 1541, 1529, 1534, + 1532, 1530, 1538, 1531, 1539, 1539, 1544, 1536, 1545, 1548, + 1542, 1538, 1542, 1540, 1547, 1541, 1541, 1542, 1544, 1549, + 1551, 1552, 1555, 1553, 1541, 1554, 1545, 1557, 1559, 1547, + 1553, 1558, 1560, 1544, 1549, 1545, 1562, 1542, 1561, 1542, + 1554, 1547, 1563, 1552, 1551, 1566, 1549, 1551, 1552, 1555, + + 1553, 1561, 1554, 1558, 1557, 1564, 1565, 1563, 1558, 1560, + 1559, 1568, 1562, 1562, 1565, 1561, 1569, 1570, 1564, 1563, + 1571, 1566, 1566, 1572, 1573, 1575, 1574, 1577, 1576, 1578, + 1572, 1573, 1564, 1565, 1568, 1576, 1579, 1580, 1568, 1574, + 1569, 1584, 1571, 1569, 1570, 1582, 1580, 1571, 1575, 1577, + 1572, 1573, 1575, 1574, 1577, 1576, 1582, 1579, 1583, 1585, + 0, 1578, 1586, 1579, 1580, 1590, 1589, 0, 1592, 1592, + 1591, 1597, 1582, 1584, 1593, 1599, 0, 1602, 1585, 1589, + 1583, 1603, 1604, 1606, 1599, 1583, 1585, 1586, 1608, 1586, + 1609, 1590, 1590, 1589, 1591, 1592, 1610, 1591, 1597, 1602, + + 1593, 1593, 1599, 1603, 1602, 1612, 1611, 1610, 1603, 1604, + 1606, 1611, 1616, 1614, 1615, 1619, 1609, 1609, 1618, 1620, + 1608, 1614, 1621, 1610, 1623, 0, 1625, 1612, 1620, 1615, + 1626, 1628, 1612, 1611, 1621, 1629, 1618, 1627, 1631, 1616, + 1614, 1615, 1630, 1632, 1633, 1618, 1620, 1619, 1629, 1621, + 1634, 1623, 1625, 1625, 1636, 1630, 1628, 1626, 1628, 1627, + 1631, 1635, 1629, 1636, 1627, 1631, 1637, 1638, 1639, 1630, + 1632, 1633, 1640, 1642, 1641, 1643, 1635, 1634, 0, 1644, + 1642, 1636, 1638, 1639, 1645, 1645, 1650, 1640, 1635, 1647, + 1658, 1646, 1637, 1637, 1638, 1639, 1641, 1644, 1646, 1640, + + 1642, 1641, 1643, 1647, 1648, 1651, 1644, 1648, 1649, 1653, + 1652, 1645, 1650, 1650, 1653, 1655, 1647, 1658, 1646, 1652, + 1654, 1649, 1656, 1651, 1654, 1659, 1657, 0, 1660, 1663, + 1664, 1648, 1651, 1666, 1667, 1649, 1653, 1652, 1663, 1655, + 1666, 1670, 1655, 1667, 1656, 1668, 1664, 1654, 1657, 1656, + 1668, 1669, 1659, 1657, 1660, 1660, 1663, 1664, 1669, 1670, + 1666, 1667, 1671, 1675, 1672, 0, 1673, 1676, 1670, 1671, + 1677, 1679, 1668, 1672, 1683, 1678, 1684, 1680, 1669, 1677, + 1685, 1686, 1683, 1679, 1690, 1676, 1680, 1681, 1682, 1671, + 1675, 1672, 1673, 1673, 1676, 1678, 1681, 1677, 1679, 1682, + + 1687, 1683, 1678, 1684, 1680, 1688, 1690, 1685, 1689, 1687, + 1696, 1690, 1691, 1686, 1681, 1682, 1689, 1688, 1692, 1691, + 1693, 1694, 1697, 1698, 1703, 1692, 1701, 1687, 1696, 1697, + 1702, 1698, 1688, 1701, 1705, 1689, 1706, 1696, 1711, 1691, + 1704, 1707, 1693, 1705, 1709, 1692, 1694, 1693, 1694, 1697, + 1698, 1703, 1704, 1701, 1702, 1710, 1709, 1702, 1712, 1714, + 1716, 1705, 1717, 1706, 1707, 1711, 1718, 1704, 1707, 1719, + 1717, 1709, 1712, 1720, 0, 1724, 1725, 1727, 1710, 0, + 1726, 1725, 1710, 1728, 1729, 1712, 1714, 1716, 1737, 1717, + 1730, 1719, 1734, 1718, 1726, 1727, 1719, 1731, 1730, 1735, + + 1720, 1724, 1724, 1725, 1727, 1728, 1729, 1726, 1733, 1738, + 1728, 1729, 1739, 1736, 1734, 1737, 1731, 1730, 1741, 1734, + 1733, 1735, 1740, 0, 1731, 1736, 1735, 1743, 1745, 1742, + 1744, 1746, 1739, 1749, 1752, 1733, 1738, 1751, 1750, 1739, + 1736, 0, 1744, 1750, 1740, 1753, 1781, 1749, 1757, 1740, + 1741, 1742, 1754, 1743, 1743, 1745, 1742, 1744, 1746, 1751, + 1749, 1756, 1755, 1758, 1751, 1762, 1752, 1757, 1753, 1759, + 1750, 1761, 1753, 1756, 1754, 1757, 1765, 1763, 1781, 1754, + 1755, 1766, 1768, 1764, 1759, 1758, 1763, 1762, 1756, 1755, + 1758, 1767, 1762, 1771, 1765, 1761, 1759, 1764, 1761, 1766, + + 1768, 1771, 1774, 1765, 1763, 1772, 1773, 1775, 1766, 1768, + 1764, 1777, 1772, 1776, 1773, 1775, 1778, 1767, 1767, 1779, + 1771, 1780, 1782, 1777, 1786, 1784, 1783, 1779, 1790, 1774, + 1793, 1776, 1772, 1773, 1775, 1789, 1787, 1796, 1777, 0, + 1776, 1790, 1786, 1778, 1780, 1783, 1779, 1784, 1780, 1782, + 1787, 1786, 1784, 1783, 1791, 1790, 1793, 1793, 1789, 1801, + 1798, 1800, 1789, 1787, 1796, 1802, 1791, 1798, 1800, 1803, + 1804, 1805, 1806, 1807, 1809, 1810, 1808, 1817, 1811, 1814, + 0, 1791, 1807, 1816, 1814, 1801, 1801, 1798, 1800, 1808, + 1815, 0, 1802, 1803, 1815, 1819, 1803, 1804, 1805, 1806, + + 1807, 1811, 1810, 1808, 1816, 1811, 1809, 1822, 1823, 1817, + 1816, 1814, 1818, 1825, 1818, 1825, 1827, 1815, 1819, 1828, + 1826, 1826, 1819, 1830, 1829, 1831, 1833, 0, 1828, 1822, + 1826, 1829, 1823, 1832, 1822, 1823, 1830, 1835, 1827, 1818, + 1825, 1832, 1836, 1827, 1837, 1833, 1828, 1826, 1826, 1834, + 1830, 1829, 1831, 1833, 1838, 1839, 1842, 1834, 1846, 1840, + 1832, 1841, 1841, 1835, 1835, 1838, 1840, 1847, 1836, 1836, + 1837, 1837, 1843, 1844, 1842, 1848, 1834, 1839, 1850, 1843, + 1844, 1838, 1839, 1842, 1848, 1846, 1840, 1851, 1841, 1852, + 1855, 1847, 1854, 1857, 1847, 1856, 1858, 0, 1859, 1843, + + 1844, 1854, 1848, 1859, 0, 1850, 1863, 1852, 1858, 1851, + 1860, 1857, 0, 1861, 1851, 0, 1852, 1855, 1856, 1854, + 1857, 1864, 1856, 1858, 1860, 1867, 1865, 1867, 1871, 1873, + 1859, 1861, 1872, 1863, 1878, 1875, 1879, 1860, 1881, 1864, + 1861, 1865, 1876, 1883, 1880, 1876, 1881, 1873, 1864, 1885, + 1871, 1880, 1867, 1865, 1879, 1871, 1873, 1875, 1872, 1872, + 1882, 1878, 1875, 1879, 1884, 1881, 1887, 1886, 1876, 1876, + 1888, 1880, 1876, 1886, 1889, 1883, 1885, 1891, 1890, 1888, + 1890, 1893, 1882, 1894, 1895, 1896, 1884, 1882, 1887, 1893, + 1897, 1884, 1899, 1887, 1886, 1894, 1898, 1888, 1902, 1896, + + 1904, 1900, 1901, 1899, 1891, 1890, 1889, 1907, 1893, 1900, + 1894, 1895, 1896, 1897, 1898, 1903, 1903, 1897, 1905, 1899, + 1902, 1901, 1908, 1898, 1910, 1902, 1905, 1904, 1900, 1901, + 1911, 1912, 1914, 1915, 1907, 1916, 1917, 0, 1919, 1916, + 1915, 1911, 1903, 1920, 1917, 1905, 1923, 1922, 1924, 1908, + 1928, 1910, 1922, 1912, 1934, 1929, 1920, 1911, 1912, 1914, + 1915, 1925, 1916, 1917, 1919, 1919, 1926, 0, 1930, 1925, + 1920, 1927, 1932, 1923, 1922, 1924, 1933, 1928, 1927, 1929, + 1935, 1926, 1929, 1933, 1936, 0, 1934, 1932, 1925, 1940, + 1939, 1937, 1941, 1926, 1930, 1930, 1943, 1940, 1927, 1932, + + 1937, 1945, 1946, 1933, 1942, 1942, 1948, 1935, 1936, 1950, + 1946, 1936, 1939, 1949, 1942, 1951, 1940, 1939, 1937, 1952, + 1953, 1954, 1950, 1943, 1941, 1957, 1964, 1955, 1945, 1946, + 1962, 1942, 1942, 1948, 1961, 1949, 1950, 1951, 1965, 1961, + 1949, 1967, 1951, 1966, 1968, 1969, 1952, 1953, 1954, 1955, + 1966, 1965, 1957, 1964, 1955, 1972, 1962, 1962, 1973, 1967, + 1979, 1961, 1974, 0, 1978, 1965, 1976, 1969, 1967, 1977, + 1966, 1968, 1969, 1976, 1972, 1979, 1977, 1980, 1982, 1985, + 1988, 1983, 1972, 1984, 1974, 1973, 1978, 1979, 1983, 1974, + 1985, 1978, 1984, 1976, 1993, 1987, 1977, 1982, 1980, 1986, + + 1986, 1987, 1988, 1994, 1980, 1982, 1985, 1988, 1983, 1986, + 1984, 1991, 1995, 1999, 2001, 2001, 0, 2004, 1991, 2002, + 2005, 1993, 1987, 2006, 2008, 2009, 1986, 1986, 2013, 2005, + 1994, 2012, 2011, 2014, 2015, 1995, 2006, 2009, 1991, 1995, + 1999, 2011, 2002, 2001, 2004, 2016, 2002, 2005, 2017, 2012, + 2006, 2008, 2009, 2018, 2013, 2013, 2020, 2016, 2012, 2011, + 2014, 2015, 2019, 2021, 2019, 2022, 2023, 2025, 2020, 2021, + 2017, 2024, 2016, 2028, 2030, 2017, 2031, 2032, 2034, 2024, + 2018, 2035, 2037, 2020, 2038, 2040, 2046, 2022, 2023, 2019, + 2021, 0, 2022, 2023, 2025, 2039, 2034, 2037, 2024, 2044, + + 2028, 2030, 2048, 2031, 2032, 2034, 2043, 2039, 2035, 2037, + 2038, 2038, 2040, 2049, 2047, 2043, 2050, 2051, 2046, 2059, + 2064, 2049, 2039, 2044, 2048, 2050, 2044, 2047, 2051, 2048, + 2057, 2060, 2061, 2043, 2065, 2063, 2064, 0, 2060, 2063, + 2049, 2047, 2059, 2050, 2051, 2061, 2059, 2064, 2065, 2069, + 2072, 2069, 2066, 2070, 2057, 2067, 2068, 2057, 2060, 2061, + 2066, 2065, 2063, 2071, 2067, 2070, 2073, 2068, 2074, 2076, + 2071, 2075, 2077, 0, 2080, 2081, 2069, 2072, 2078, 2066, + 2070, 2083, 2067, 2068, 2073, 2079, 2080, 2079, 2090, 2082, + 2071, 2085, 2091, 2073, 2077, 2074, 2076, 2075, 2075, 2077, + + 2078, 2080, 2082, 2085, 2087, 2078, 2089, 2081, 2083, 2092, + 0, 2093, 2079, 2087, 2089, 2094, 2082, 2096, 2085, 2098, + 2090, 2099, 2092, 2094, 2091, 2093, 2097, 2098, 2102, 2100, + 2096, 2087, 2101, 2089, 0, 2099, 2092, 2104, 2093, 2103, + 2101, 2105, 2094, 2100, 2096, 2104, 2098, 2106, 2099, 2097, + 2102, 2111, 0, 2097, 2107, 2102, 2100, 2108, 2109, 2101, + 2112, 2103, 2110, 2117, 2104, 0, 2103, 2115, 2105, 2116, + 2110, 2114, 0, 2106, 2106, 2115, 2107, 2116, 2118, 2108, + 2109, 2107, 2121, 2111, 2108, 2109, 2118, 2112, 2119, 2110, + 2125, 2114, 2122, 2123, 2115, 2117, 2116, 2124, 2114, 2126, + + 2122, 2123, 2119, 2128, 2121, 2118, 2127, 0, 2129, 2121, + 2130, 2124, 2133, 0, 2127, 2119, 2125, 2125, 2131, 2122, + 2123, 2126, 2134, 2132, 2124, 0, 2126, 2135, 2136, 2128, + 2128, 2132, 2130, 2127, 2129, 2129, 2136, 2130, 2131, 2133, + 2137, 2140, 2134, 2138, 2141, 2131, 2144, 2135, 2142, 2134, + 2132, 2138, 2143, 2145, 2135, 2136, 2142, 2146, 0, 2147, + 2143, 2145, 2137, 2140, 2148, 2146, 2141, 2137, 2140, 2149, + 2138, 2141, 2144, 2144, 2150, 2142, 2151, 2152, 2154, 2143, + 2145, 2160, 0, 2161, 2146, 2147, 2147, 2157, 0, 2149, + 2158, 2148, 0, 0, 2159, 0, 2149, 2152, 2158, 0, + + 2154, 2150, 2159, 2151, 2152, 2154, 0, 0, 2160, 2157, + 2161, 0, 0, 0, 2157, 0, 0, 2158, 0, 0, + 0, 2159, 2165, 2165, 2165, 2165, 2165, 2165, 2165, 2166, + 2166, 2166, 2166, 2166, 2166, 2166, 2167, 2167, 2167, 2167, + 2167, 2167, 2167, 2168, 2168, 2168, 2168, 2168, 2168, 2168, + 2169, 2169, 2169, 2169, 2169, 2169, 2169, 2171, 2171, 0, + 2171, 2171, 2171, 2171, 2172, 2172, 0, 0, 0, 2172, + 2172, 2173, 2173, 0, 0, 2173, 0, 2173, 2174, 0, + 0, 0, 0, 0, 2174, 2175, 2175, 0, 0, 0, + 2175, 2175, 2176, 0, 0, 0, 0, 0, 2176, 2177, + + 2177, 0, 2177, 2177, 2177, 2177, 2178, 2178, 0, 2178, + 2178, 2178, 2178, 2164, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, + 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164, 2164 } ; static yy_state_type yy_last_accepting_state; @@ -2596,7 +2754,7 @@ static void config_end_include(void) #define YY_NO_INPUT 1 #endif -#line 2598 "<stdout>" +#line 2756 "<stdout>" #define INITIAL 0 #define quotedstring 1 @@ -2819,7 +2977,7 @@ YY_DECL { #line 207 "util/configlexer.lex" -#line 2821 "<stdout>" +#line 2979 "<stdout>" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -2852,13 +3010,13 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 1997 ) + if ( yy_current_state >= 2165 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 5728 ); + while ( yy_base[yy_current_state] != 6214 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -3348,495 +3506,585 @@ YY_RULE_SETUP case 93: YY_RULE_SETUP #line 303 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_IDENTITY) } +{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } YY_BREAK case 94: YY_RULE_SETUP #line 304 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_VERSION) } +{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } YY_BREAK case 95: YY_RULE_SETUP #line 305 "util/configlexer.lex" -{ YDVAR(1, VAR_IDENTITY) } +{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } YY_BREAK case 96: YY_RULE_SETUP #line 306 "util/configlexer.lex" -{ YDVAR(1, VAR_VERSION) } +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } YY_BREAK case 97: YY_RULE_SETUP #line 307 "util/configlexer.lex" -{ YDVAR(1, VAR_MODULE_CONF) } +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } YY_BREAK case 98: YY_RULE_SETUP #line 308 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR) } +{ YDVAR(1, VAR_HIDE_IDENTITY) } YY_BREAK case 99: YY_RULE_SETUP #line 309 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } +{ YDVAR(1, VAR_HIDE_VERSION) } YY_BREAK case 100: YY_RULE_SETUP #line 310 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } +{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } YY_BREAK case 101: YY_RULE_SETUP #line 311 "util/configlexer.lex" -{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } +{ YDVAR(1, VAR_IDENTITY) } YY_BREAK case 102: YY_RULE_SETUP #line 312 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } +{ YDVAR(1, VAR_VERSION) } YY_BREAK case 103: YY_RULE_SETUP #line 313 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR) } +{ YDVAR(1, VAR_MODULE_CONF) } YY_BREAK case 104: YY_RULE_SETUP #line 314 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } +{ YDVAR(1, VAR_DLV_ANCHOR) } YY_BREAK case 105: YY_RULE_SETUP #line 315 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } +{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } YY_BREAK case 106: YY_RULE_SETUP #line 316 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } +{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } YY_BREAK case 107: YY_RULE_SETUP #line 317 "util/configlexer.lex" -{ YDVAR(1, VAR_BOGUS_TTL) } +{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } YY_BREAK case 108: YY_RULE_SETUP #line 318 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } +{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } YY_BREAK case 109: YY_RULE_SETUP #line 319 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } +{ YDVAR(1, VAR_TRUST_ANCHOR) } YY_BREAK case 110: YY_RULE_SETUP #line 320 "util/configlexer.lex" -{ YDVAR(1, VAR_IGNORE_CD_FLAG) } +{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } YY_BREAK case 111: YY_RULE_SETUP #line 321 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED) } +{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } YY_BREAK case 112: YY_RULE_SETUP #line 322 "util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_DSA) } +{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } YY_BREAK case 113: YY_RULE_SETUP #line 323 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_LOG_LEVEL) } +{ YDVAR(1, VAR_BOGUS_TTL) } YY_BREAK case 114: YY_RULE_SETUP #line 324 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SIZE) } +{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } YY_BREAK case 115: YY_RULE_SETUP #line 325 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SLABS) } +{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } YY_BREAK case 116: YY_RULE_SETUP #line 326 "util/configlexer.lex" -{ YDVAR(1, VAR_NEG_CACHE_SIZE) } +{ YDVAR(1, VAR_IGNORE_CD_FLAG) } YY_BREAK case 117: YY_RULE_SETUP #line 327 "util/configlexer.lex" -{ - YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } +{ YDVAR(1, VAR_SERVE_EXPIRED) } YY_BREAK case 118: YY_RULE_SETUP -#line 329 "util/configlexer.lex" -{ YDVAR(1, VAR_ADD_HOLDDOWN) } +#line 328 "util/configlexer.lex" +{ YDVAR(1, VAR_FAKE_DSA) } YY_BREAK case 119: YY_RULE_SETUP -#line 330 "util/configlexer.lex" -{ YDVAR(1, VAR_DEL_HOLDDOWN) } +#line 329 "util/configlexer.lex" +{ YDVAR(1, VAR_FAKE_SHA1) } YY_BREAK case 120: YY_RULE_SETUP -#line 331 "util/configlexer.lex" -{ YDVAR(1, VAR_KEEP_MISSING) } +#line 330 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_LOG_LEVEL) } YY_BREAK case 121: YY_RULE_SETUP -#line 332 "util/configlexer.lex" -{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } +#line 331 "util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SIZE) } YY_BREAK case 122: YY_RULE_SETUP -#line 333 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSLOG) } +#line 332 "util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SLABS) } YY_BREAK case 123: YY_RULE_SETUP -#line 334 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_IDENTITY) } +#line 333 "util/configlexer.lex" +{ YDVAR(1, VAR_NEG_CACHE_SIZE) } YY_BREAK case 124: YY_RULE_SETUP -#line 335 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TIME_ASCII) } +#line 334 "util/configlexer.lex" +{ + YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } YY_BREAK case 125: YY_RULE_SETUP #line 336 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_QUERIES) } +{ YDVAR(1, VAR_ADD_HOLDDOWN) } YY_BREAK case 126: YY_RULE_SETUP #line 337 "util/configlexer.lex" -{ YDVAR(1, VAR_LOG_REPLIES) } +{ YDVAR(1, VAR_DEL_HOLDDOWN) } YY_BREAK case 127: YY_RULE_SETUP #line 338 "util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE) } +{ YDVAR(1, VAR_KEEP_MISSING) } YY_BREAK case 128: YY_RULE_SETUP #line 339 "util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA) } +{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } YY_BREAK case 129: YY_RULE_SETUP #line 340 "util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA_PTR) } +{ YDVAR(1, VAR_USE_SYSLOG) } YY_BREAK case 130: YY_RULE_SETUP #line 341 "util/configlexer.lex" -{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } +{ YDVAR(1, VAR_LOG_IDENTITY) } YY_BREAK case 131: YY_RULE_SETUP #line 342 "util/configlexer.lex" -{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } +{ YDVAR(1, VAR_LOG_TIME_ASCII) } YY_BREAK case 132: YY_RULE_SETUP #line 343 "util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_INTERVAL) } +{ YDVAR(1, VAR_LOG_QUERIES) } YY_BREAK case 133: YY_RULE_SETUP #line 344 "util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } +{ YDVAR(1, VAR_LOG_REPLIES) } YY_BREAK case 134: YY_RULE_SETUP #line 345 "util/configlexer.lex" -{ YDVAR(1, VAR_EXTENDED_STATISTICS) } +{ YDVAR(2, VAR_LOCAL_ZONE) } YY_BREAK case 135: YY_RULE_SETUP #line 346 "util/configlexer.lex" -{ YDVAR(0, VAR_REMOTE_CONTROL) } +{ YDVAR(1, VAR_LOCAL_DATA) } YY_BREAK case 136: YY_RULE_SETUP #line 347 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_ENABLE) } +{ YDVAR(1, VAR_LOCAL_DATA_PTR) } YY_BREAK case 137: YY_RULE_SETUP #line 348 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_INTERFACE) } +{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } YY_BREAK case 138: YY_RULE_SETUP #line 349 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_PORT) } +{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } YY_BREAK case 139: YY_RULE_SETUP #line 350 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_USE_CERT) } +{ YDVAR(1, VAR_STATISTICS_INTERVAL) } YY_BREAK case 140: YY_RULE_SETUP #line 351 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_KEY_FILE) } +{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } YY_BREAK case 141: YY_RULE_SETUP #line 352 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_CERT_FILE) } +{ YDVAR(1, VAR_EXTENDED_STATISTICS) } YY_BREAK case 142: YY_RULE_SETUP #line 353 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_KEY_FILE) } +{ YDVAR(1, VAR_SHM_ENABLE) } YY_BREAK case 143: YY_RULE_SETUP #line 354 "util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_CERT_FILE) } +{ YDVAR(1, VAR_SHM_KEY) } YY_BREAK case 144: YY_RULE_SETUP #line 355 "util/configlexer.lex" -{ YDVAR(1, VAR_PYTHON_SCRIPT) } +{ YDVAR(0, VAR_REMOTE_CONTROL) } YY_BREAK case 145: YY_RULE_SETUP #line 356 "util/configlexer.lex" -{ YDVAR(0, VAR_PYTHON) } +{ YDVAR(1, VAR_CONTROL_ENABLE) } YY_BREAK case 146: YY_RULE_SETUP #line 357 "util/configlexer.lex" -{ YDVAR(1, VAR_DOMAIN_INSECURE) } +{ YDVAR(1, VAR_CONTROL_INTERFACE) } YY_BREAK case 147: YY_RULE_SETUP #line 358 "util/configlexer.lex" -{ YDVAR(1, VAR_MINIMAL_RESPONSES) } +{ YDVAR(1, VAR_CONTROL_PORT) } YY_BREAK case 148: YY_RULE_SETUP #line 359 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } +{ YDVAR(1, VAR_CONTROL_USE_CERT) } YY_BREAK case 149: YY_RULE_SETUP #line 360 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_UDP_SIZE) } +{ YDVAR(1, VAR_SERVER_KEY_FILE) } YY_BREAK case 150: YY_RULE_SETUP #line 361 "util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_PREFIX) } +{ YDVAR(1, VAR_SERVER_CERT_FILE) } YY_BREAK case 151: YY_RULE_SETUP #line 362 "util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_SYNTHALL) } +{ YDVAR(1, VAR_CONTROL_KEY_FILE) } YY_BREAK case 152: YY_RULE_SETUP #line 363 "util/configlexer.lex" -{ YDVAR(1, VAR_DEFINE_TAG) } +{ YDVAR(1, VAR_CONTROL_CERT_FILE) } YY_BREAK case 153: YY_RULE_SETUP #line 364 "util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } +{ YDVAR(1, VAR_PYTHON_SCRIPT) } YY_BREAK case 154: YY_RULE_SETUP #line 365 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } +{ YDVAR(0, VAR_PYTHON) } YY_BREAK case 155: YY_RULE_SETUP #line 366 "util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } +{ YDVAR(1, VAR_DOMAIN_INSECURE) } YY_BREAK case 156: YY_RULE_SETUP #line 367 "util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } +{ YDVAR(1, VAR_MINIMAL_RESPONSES) } YY_BREAK case 157: YY_RULE_SETUP #line 368 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } +{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } YY_BREAK case 158: YY_RULE_SETUP #line 369 "util/configlexer.lex" -{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } +{ YDVAR(1, VAR_MAX_UDP_SIZE) } YY_BREAK case 159: YY_RULE_SETUP #line 370 "util/configlexer.lex" -{ YDVAR(0, VAR_DNSTAP) } +{ YDVAR(1, VAR_DNS64_PREFIX) } YY_BREAK case 160: YY_RULE_SETUP #line 371 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_ENABLE) } +{ YDVAR(1, VAR_DNS64_SYNTHALL) } YY_BREAK case 161: YY_RULE_SETUP #line 372 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } +{ YDVAR(1, VAR_DEFINE_TAG) } YY_BREAK case 162: YY_RULE_SETUP #line 373 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } +{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } YY_BREAK case 163: YY_RULE_SETUP #line 374 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } +{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } YY_BREAK case 164: YY_RULE_SETUP #line 375 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IDENTITY) } +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } YY_BREAK case 165: YY_RULE_SETUP #line 376 "util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_VERSION) } +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } YY_BREAK case 166: YY_RULE_SETUP #line 377 "util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } +{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } YY_BREAK case 167: YY_RULE_SETUP +#line 378 "util/configlexer.lex" +{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } + YY_BREAK +case 168: +YY_RULE_SETUP #line 379 "util/configlexer.lex" +{ YDVAR(0, VAR_DNSTAP) } + YY_BREAK +case 169: +YY_RULE_SETUP +#line 380 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_ENABLE) } + YY_BREAK +case 170: +YY_RULE_SETUP +#line 381 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } + YY_BREAK +case 171: +YY_RULE_SETUP +#line 382 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } + YY_BREAK +case 172: +YY_RULE_SETUP +#line 383 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } + YY_BREAK +case 173: +YY_RULE_SETUP +#line 384 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_IDENTITY) } + YY_BREAK +case 174: +YY_RULE_SETUP +#line 385 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_VERSION) } + YY_BREAK +case 175: +YY_RULE_SETUP +#line 386 "util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } + YY_BREAK +case 176: +YY_RULE_SETUP +#line 388 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } YY_BREAK -case 168: +case 177: YY_RULE_SETUP -#line 381 "util/configlexer.lex" +#line 390 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } YY_BREAK -case 169: +case 178: YY_RULE_SETUP -#line 383 "util/configlexer.lex" +#line 392 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } YY_BREAK -case 170: +case 179: YY_RULE_SETUP -#line 385 "util/configlexer.lex" +#line 394 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } YY_BREAK -case 171: +case 180: YY_RULE_SETUP -#line 387 "util/configlexer.lex" +#line 396 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } YY_BREAK -case 172: +case 181: YY_RULE_SETUP -#line 389 "util/configlexer.lex" +#line 398 "util/configlexer.lex" { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } YY_BREAK -case 173: +case 182: YY_RULE_SETUP -#line 390 "util/configlexer.lex" +#line 399 "util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT) } YY_BREAK -case 174: +case 183: YY_RULE_SETUP -#line 391 "util/configlexer.lex" +#line 400 "util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT) } YY_BREAK -case 175: +case 184: YY_RULE_SETUP -#line 392 "util/configlexer.lex" +#line 401 "util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT_SLABS) } YY_BREAK -case 176: +case 185: YY_RULE_SETUP -#line 393 "util/configlexer.lex" +#line 402 "util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT_SLABS) } YY_BREAK -case 177: +case 186: YY_RULE_SETUP -#line 394 "util/configlexer.lex" +#line 403 "util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT_SIZE) } YY_BREAK -case 178: +case 187: YY_RULE_SETUP -#line 395 "util/configlexer.lex" +#line 404 "util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT_SIZE) } YY_BREAK -case 179: +case 188: YY_RULE_SETUP -#line 396 "util/configlexer.lex" +#line 405 "util/configlexer.lex" { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } YY_BREAK -case 180: +case 189: YY_RULE_SETUP -#line 397 "util/configlexer.lex" +#line 406 "util/configlexer.lex" { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } YY_BREAK -case 181: +case 190: YY_RULE_SETUP -#line 398 "util/configlexer.lex" +#line 407 "util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } YY_BREAK -case 182: +case 191: YY_RULE_SETUP -#line 399 "util/configlexer.lex" +#line 408 "util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT_FACTOR) } YY_BREAK -case 183: -/* rule 183 can match eol */ +case 192: YY_RULE_SETUP -#line 400 "util/configlexer.lex" +#line 409 "util/configlexer.lex" +{ YDVAR(2, VAR_RESPONSE_IP_TAG) } + YY_BREAK +case 193: +YY_RULE_SETUP +#line 410 "util/configlexer.lex" +{ YDVAR(2, VAR_RESPONSE_IP) } + YY_BREAK +case 194: +YY_RULE_SETUP +#line 411 "util/configlexer.lex" +{ YDVAR(2, VAR_RESPONSE_IP_DATA) } + YY_BREAK +case 195: +YY_RULE_SETUP +#line 412 "util/configlexer.lex" +{ YDVAR(0, VAR_DNSCRYPT) } + YY_BREAK +case 196: +YY_RULE_SETUP +#line 413 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } + YY_BREAK +case 197: +YY_RULE_SETUP +#line 414 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PORT) } + YY_BREAK +case 198: +YY_RULE_SETUP +#line 415 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } + YY_BREAK +case 199: +YY_RULE_SETUP +#line 416 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } + YY_BREAK +case 200: +YY_RULE_SETUP +#line 417 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } + YY_BREAK +case 201: +/* rule 201 can match eol */ +YY_RULE_SETUP +#line 418 "util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK /* Quoted strings. Strip leading and ending quotes */ -case 184: +case 202: YY_RULE_SETUP -#line 403 "util/configlexer.lex" +#line 421 "util/configlexer.lex" { BEGIN(quotedstring); LEXOUT(("QS ")); } YY_BREAK case YY_STATE_EOF(quotedstring): -#line 404 "util/configlexer.lex" +#line 422 "util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 185: +case 203: YY_RULE_SETUP -#line 409 "util/configlexer.lex" +#line 427 "util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 186: -/* rule 186 can match eol */ +case 204: +/* rule 204 can match eol */ YY_RULE_SETUP -#line 410 "util/configlexer.lex" +#line 428 "util/configlexer.lex" { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 187: +case 205: YY_RULE_SETUP -#line 412 "util/configlexer.lex" +#line 430 "util/configlexer.lex" { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -3849,34 +4097,34 @@ YY_RULE_SETUP } YY_BREAK /* Single Quoted strings. Strip leading and ending quotes */ -case 188: +case 206: YY_RULE_SETUP -#line 424 "util/configlexer.lex" +#line 442 "util/configlexer.lex" { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } YY_BREAK case YY_STATE_EOF(singlequotedstr): -#line 425 "util/configlexer.lex" +#line 443 "util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 189: +case 207: YY_RULE_SETUP -#line 430 "util/configlexer.lex" +#line 448 "util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 190: -/* rule 190 can match eol */ +case 208: +/* rule 208 can match eol */ YY_RULE_SETUP -#line 431 "util/configlexer.lex" +#line 449 "util/configlexer.lex" { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 191: +case 209: YY_RULE_SETUP -#line 433 "util/configlexer.lex" +#line 451 "util/configlexer.lex" { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -3889,38 +4137,38 @@ YY_RULE_SETUP } YY_BREAK /* include: directive */ -case 192: +case 210: YY_RULE_SETUP -#line 445 "util/configlexer.lex" +#line 463 "util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } YY_BREAK case YY_STATE_EOF(include): -#line 447 "util/configlexer.lex" +#line 465 "util/configlexer.lex" { yyerror("EOF inside include directive"); BEGIN(inc_prev); } YY_BREAK -case 193: +case 211: YY_RULE_SETUP -#line 451 "util/configlexer.lex" +#line 469 "util/configlexer.lex" { LEXOUT(("ISP ")); /* ignore */ } YY_BREAK -case 194: -/* rule 194 can match eol */ +case 212: +/* rule 212 can match eol */ YY_RULE_SETUP -#line 452 "util/configlexer.lex" +#line 470 "util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++;} YY_BREAK -case 195: +case 213: YY_RULE_SETUP -#line 453 "util/configlexer.lex" +#line 471 "util/configlexer.lex" { LEXOUT(("IQS ")); BEGIN(include_quoted); } YY_BREAK -case 196: +case 214: YY_RULE_SETUP -#line 454 "util/configlexer.lex" +#line 472 "util/configlexer.lex" { LEXOUT(("Iunquotedstr(%s) ", yytext)); config_start_include_glob(yytext); @@ -3928,27 +4176,27 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_quoted): -#line 459 "util/configlexer.lex" +#line 477 "util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 197: +case 215: YY_RULE_SETUP -#line 463 "util/configlexer.lex" +#line 481 "util/configlexer.lex" { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } YY_BREAK -case 198: -/* rule 198 can match eol */ +case 216: +/* rule 216 can match eol */ YY_RULE_SETUP -#line 464 "util/configlexer.lex" +#line 482 "util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 199: +case 217: YY_RULE_SETUP -#line 466 "util/configlexer.lex" +#line 484 "util/configlexer.lex" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; @@ -3958,7 +4206,7 @@ YY_RULE_SETUP YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(val): -#line 472 "util/configlexer.lex" +#line 490 "util/configlexer.lex" { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ @@ -3970,33 +4218,33 @@ case YY_STATE_EOF(val): } } YY_BREAK -case 200: +case 218: YY_RULE_SETUP -#line 483 "util/configlexer.lex" +#line 501 "util/configlexer.lex" { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } YY_BREAK -case 201: +case 219: YY_RULE_SETUP -#line 487 "util/configlexer.lex" +#line 505 "util/configlexer.lex" { ub_c_error_msg("unknown keyword '%s'", yytext); } YY_BREAK -case 202: +case 220: YY_RULE_SETUP -#line 491 "util/configlexer.lex" +#line 509 "util/configlexer.lex" { ub_c_error_msg("stray '%s'", yytext); } YY_BREAK -case 203: +case 221: YY_RULE_SETUP -#line 495 "util/configlexer.lex" +#line 513 "util/configlexer.lex" ECHO; YY_BREAK -#line 3998 "<stdout>" +#line 4246 "<stdout>" case YY_END_OF_BUFFER: { @@ -4287,7 +4535,7 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 1997 ) + if ( yy_current_state >= 2165 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; @@ -4315,11 +4563,11 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 1997 ) + if ( yy_current_state >= 2165 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 1996); + yy_is_jam = (yy_current_state == 2164); return yy_is_jam ? 0 : yy_current_state; } @@ -4958,7 +5206,7 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 495 "util/configlexer.lex" +#line 513 "util/configlexer.lex" diff --git a/util/configlexer.lex b/util/configlexer.lex index 0e6037cd1b5f..a6323f2c1436 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@ -300,8 +300,14 @@ view-first{COLON} { YDVAR(1, VAR_VIEW_FIRST) } do-not-query-address{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } do-not-query-localhost{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) } +send-client-subnet{COLON} { YDVAR(1, VAR_SEND_CLIENT_SUBNET) } +client-subnet-always-forward{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } +client-subnet-opcode{COLON} { YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } +max-client-subnet-ipv4{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } +max-client-subnet-ipv6{COLON} { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) } hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) } +hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) } identity{COLON} { YDVAR(1, VAR_IDENTITY) } version{COLON} { YDVAR(1, VAR_VERSION) } module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) } @@ -320,6 +326,7 @@ val-permissive-mode{COLON} { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } ignore-cd-flag{COLON} { YDVAR(1, VAR_IGNORE_CD_FLAG) } serve-expired{COLON} { YDVAR(1, VAR_SERVE_EXPIRED) } fake-dsa{COLON} { YDVAR(1, VAR_FAKE_DSA) } +fake-sha1{COLON} { YDVAR(1, VAR_FAKE_SHA1) } val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) } key-cache-size{COLON} { YDVAR(1, VAR_KEY_CACHE_SIZE) } key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) } @@ -343,6 +350,8 @@ insecure-lan-zones{COLON} { YDVAR(1, VAR_INSECURE_LAN_ZONES) } statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) } statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) } +shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) } +shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) } remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) } control-enable{COLON} { YDVAR(1, VAR_CONTROL_ENABLE) } control-interface{COLON} { YDVAR(1, VAR_CONTROL_INTERFACE) } @@ -397,6 +406,15 @@ ratelimit-for-domain{COLON} { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } ratelimit-below-domain{COLON} { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } ip-ratelimit-factor{COLON} { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) } +response-ip-tag{COLON} { YDVAR(2, VAR_RESPONSE_IP_TAG) } +response-ip{COLON} { YDVAR(2, VAR_RESPONSE_IP) } +response-ip-data{COLON} { YDVAR(2, VAR_RESPONSE_IP_DATA) } +dnscrypt{COLON} { YDVAR(0, VAR_DNSCRYPT) } +dnscrypt-enable{COLON} { YDVAR(1, VAR_DNSCRYPT_ENABLE) } +dnscrypt-port{COLON} { YDVAR(1, VAR_DNSCRYPT_PORT) } +dnscrypt-provider{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER) } +dnscrypt-secret-key{COLON} { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } +dnscrypt-provider-cert{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } <INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } /* Quoted strings. Strip leading and ending quotes */ diff --git a/util/configparser.c b/util/configparser.c index e9654f95fb9d..f70b948b75d2 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -79,6 +79,8 @@ int ub_c_lex(void); void ub_c_error(const char *message); +static void validate_respip_action(const char* action); + /* these need to be global, otherwise they cannot be used inside yacc */ extern struct config_parser_state* cfg_parser; @@ -89,7 +91,7 @@ extern struct config_parser_state* cfg_parser; #endif -#line 93 "util/configparser.c" /* yacc.c:339 */ +#line 95 "util/configparser.c" /* yacc.c:339 */ # ifndef YY_NULLPTR # if defined __cplusplus && 201103L <= __cplusplus @@ -279,38 +281,56 @@ extern int yydebug; VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 410, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 411, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 412, - VAR_HARDEN_ALGO_DOWNGRADE = 413, - VAR_IP_TRANSPARENT = 414, - VAR_DISABLE_DNSSEC_LAME_CHECK = 415, - VAR_IP_RATELIMIT = 416, - VAR_IP_RATELIMIT_SLABS = 417, - VAR_IP_RATELIMIT_SIZE = 418, - VAR_RATELIMIT = 419, - VAR_RATELIMIT_SLABS = 420, - VAR_RATELIMIT_SIZE = 421, - VAR_RATELIMIT_FOR_DOMAIN = 422, - VAR_RATELIMIT_BELOW_DOMAIN = 423, - VAR_IP_RATELIMIT_FACTOR = 424, - VAR_RATELIMIT_FACTOR = 425, - VAR_CAPS_WHITELIST = 426, - VAR_CACHE_MAX_NEGATIVE_TTL = 427, - VAR_PERMIT_SMALL_HOLDDOWN = 428, - VAR_QNAME_MINIMISATION = 429, - VAR_QNAME_MINIMISATION_STRICT = 430, - VAR_IP_FREEBIND = 431, - VAR_DEFINE_TAG = 432, - VAR_LOCAL_ZONE_TAG = 433, - VAR_ACCESS_CONTROL_TAG = 434, - VAR_LOCAL_ZONE_OVERRIDE = 435, - VAR_ACCESS_CONTROL_TAG_ACTION = 436, - VAR_ACCESS_CONTROL_TAG_DATA = 437, - VAR_VIEW = 438, - VAR_ACCESS_CONTROL_VIEW = 439, - VAR_VIEW_FIRST = 440, - VAR_SERVE_EXPIRED = 441, - VAR_FAKE_DSA = 442, - VAR_LOG_IDENTITY = 443, - VAR_USE_SYSTEMD = 444 + VAR_RESPONSE_IP_TAG = 413, + VAR_RESPONSE_IP = 414, + VAR_RESPONSE_IP_DATA = 415, + VAR_HARDEN_ALGO_DOWNGRADE = 416, + VAR_IP_TRANSPARENT = 417, + VAR_DISABLE_DNSSEC_LAME_CHECK = 418, + VAR_IP_RATELIMIT = 419, + VAR_IP_RATELIMIT_SLABS = 420, + VAR_IP_RATELIMIT_SIZE = 421, + VAR_RATELIMIT = 422, + VAR_RATELIMIT_SLABS = 423, + VAR_RATELIMIT_SIZE = 424, + VAR_RATELIMIT_FOR_DOMAIN = 425, + VAR_RATELIMIT_BELOW_DOMAIN = 426, + VAR_IP_RATELIMIT_FACTOR = 427, + VAR_RATELIMIT_FACTOR = 428, + VAR_SEND_CLIENT_SUBNET = 429, + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 430, + VAR_CLIENT_SUBNET_OPCODE = 431, + VAR_MAX_CLIENT_SUBNET_IPV4 = 432, + VAR_MAX_CLIENT_SUBNET_IPV6 = 433, + VAR_CAPS_WHITELIST = 434, + VAR_CACHE_MAX_NEGATIVE_TTL = 435, + VAR_PERMIT_SMALL_HOLDDOWN = 436, + VAR_QNAME_MINIMISATION = 437, + VAR_QNAME_MINIMISATION_STRICT = 438, + VAR_IP_FREEBIND = 439, + VAR_DEFINE_TAG = 440, + VAR_LOCAL_ZONE_TAG = 441, + VAR_ACCESS_CONTROL_TAG = 442, + VAR_LOCAL_ZONE_OVERRIDE = 443, + VAR_ACCESS_CONTROL_TAG_ACTION = 444, + VAR_ACCESS_CONTROL_TAG_DATA = 445, + VAR_VIEW = 446, + VAR_ACCESS_CONTROL_VIEW = 447, + VAR_VIEW_FIRST = 448, + VAR_SERVE_EXPIRED = 449, + VAR_FAKE_DSA = 450, + VAR_FAKE_SHA1 = 451, + VAR_LOG_IDENTITY = 452, + VAR_HIDE_TRUSTANCHOR = 453, + VAR_USE_SYSTEMD = 454, + VAR_SHM_ENABLE = 455, + VAR_SHM_KEY = 456, + VAR_DNSCRYPT = 457, + VAR_DNSCRYPT_ENABLE = 458, + VAR_DNSCRYPT_PORT = 459, + VAR_DNSCRYPT_PROVIDER = 460, + VAR_DNSCRYPT_SECRET_KEY = 461, + VAR_DNSCRYPT_PROVIDER_CERT = 462 }; #endif /* Tokens. */ @@ -469,49 +489,67 @@ extern int yydebug; #define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 410 #define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 411 #define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 412 -#define VAR_HARDEN_ALGO_DOWNGRADE 413 -#define VAR_IP_TRANSPARENT 414 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 415 -#define VAR_IP_RATELIMIT 416 -#define VAR_IP_RATELIMIT_SLABS 417 -#define VAR_IP_RATELIMIT_SIZE 418 -#define VAR_RATELIMIT 419 -#define VAR_RATELIMIT_SLABS 420 -#define VAR_RATELIMIT_SIZE 421 -#define VAR_RATELIMIT_FOR_DOMAIN 422 -#define VAR_RATELIMIT_BELOW_DOMAIN 423 -#define VAR_IP_RATELIMIT_FACTOR 424 -#define VAR_RATELIMIT_FACTOR 425 -#define VAR_CAPS_WHITELIST 426 -#define VAR_CACHE_MAX_NEGATIVE_TTL 427 -#define VAR_PERMIT_SMALL_HOLDDOWN 428 -#define VAR_QNAME_MINIMISATION 429 -#define VAR_QNAME_MINIMISATION_STRICT 430 -#define VAR_IP_FREEBIND 431 -#define VAR_DEFINE_TAG 432 -#define VAR_LOCAL_ZONE_TAG 433 -#define VAR_ACCESS_CONTROL_TAG 434 -#define VAR_LOCAL_ZONE_OVERRIDE 435 -#define VAR_ACCESS_CONTROL_TAG_ACTION 436 -#define VAR_ACCESS_CONTROL_TAG_DATA 437 -#define VAR_VIEW 438 -#define VAR_ACCESS_CONTROL_VIEW 439 -#define VAR_VIEW_FIRST 440 -#define VAR_SERVE_EXPIRED 441 -#define VAR_FAKE_DSA 442 -#define VAR_LOG_IDENTITY 443 -#define VAR_USE_SYSTEMD 444 +#define VAR_RESPONSE_IP_TAG 413 +#define VAR_RESPONSE_IP 414 +#define VAR_RESPONSE_IP_DATA 415 +#define VAR_HARDEN_ALGO_DOWNGRADE 416 +#define VAR_IP_TRANSPARENT 417 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 418 +#define VAR_IP_RATELIMIT 419 +#define VAR_IP_RATELIMIT_SLABS 420 +#define VAR_IP_RATELIMIT_SIZE 421 +#define VAR_RATELIMIT 422 +#define VAR_RATELIMIT_SLABS 423 +#define VAR_RATELIMIT_SIZE 424 +#define VAR_RATELIMIT_FOR_DOMAIN 425 +#define VAR_RATELIMIT_BELOW_DOMAIN 426 +#define VAR_IP_RATELIMIT_FACTOR 427 +#define VAR_RATELIMIT_FACTOR 428 +#define VAR_SEND_CLIENT_SUBNET 429 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 430 +#define VAR_CLIENT_SUBNET_OPCODE 431 +#define VAR_MAX_CLIENT_SUBNET_IPV4 432 +#define VAR_MAX_CLIENT_SUBNET_IPV6 433 +#define VAR_CAPS_WHITELIST 434 +#define VAR_CACHE_MAX_NEGATIVE_TTL 435 +#define VAR_PERMIT_SMALL_HOLDDOWN 436 +#define VAR_QNAME_MINIMISATION 437 +#define VAR_QNAME_MINIMISATION_STRICT 438 +#define VAR_IP_FREEBIND 439 +#define VAR_DEFINE_TAG 440 +#define VAR_LOCAL_ZONE_TAG 441 +#define VAR_ACCESS_CONTROL_TAG 442 +#define VAR_LOCAL_ZONE_OVERRIDE 443 +#define VAR_ACCESS_CONTROL_TAG_ACTION 444 +#define VAR_ACCESS_CONTROL_TAG_DATA 445 +#define VAR_VIEW 446 +#define VAR_ACCESS_CONTROL_VIEW 447 +#define VAR_VIEW_FIRST 448 +#define VAR_SERVE_EXPIRED 449 +#define VAR_FAKE_DSA 450 +#define VAR_FAKE_SHA1 451 +#define VAR_LOG_IDENTITY 452 +#define VAR_HIDE_TRUSTANCHOR 453 +#define VAR_USE_SYSTEMD 454 +#define VAR_SHM_ENABLE 455 +#define VAR_SHM_KEY 456 +#define VAR_DNSCRYPT 457 +#define VAR_DNSCRYPT_ENABLE 458 +#define VAR_DNSCRYPT_PORT 459 +#define VAR_DNSCRYPT_PROVIDER 460 +#define VAR_DNSCRYPT_SECRET_KEY 461 +#define VAR_DNSCRYPT_PROVIDER_CERT 462 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED union YYSTYPE { -#line 64 "util/configparser.y" /* yacc.c:355 */ +#line 66 "util/configparser.y" /* yacc.c:355 */ char* str; -#line 515 "util/configparser.c" /* yacc.c:355 */ +#line 553 "util/configparser.c" /* yacc.c:355 */ }; typedef union YYSTYPE YYSTYPE; @@ -528,7 +566,7 @@ int yyparse (void); /* Copy the second part of user declarations. */ -#line 532 "util/configparser.c" /* yacc.c:358 */ +#line 570 "util/configparser.c" /* yacc.c:358 */ #ifdef short # undef short @@ -770,21 +808,21 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 2 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 375 +#define YYLAST 421 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 190 +#define YYNTOKENS 208 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 200 +#define YYNNTS 223 /* YYNRULES -- Number of rules. */ -#define YYNRULES 383 +#define YYNRULES 427 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 574 +#define YYNSTATES 643 /* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned by yylex, with out-of-bounds checking. */ #define YYUNDEFTOK 2 -#define YYMAXUTOK 444 +#define YYMAXUTOK 462 #define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) @@ -837,52 +875,58 @@ static const yytype_uint8 yytranslate[] = 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, - 185, 186, 187, 188, 189 + 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, + 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207 }; #if YYDEBUG /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_uint16 yyrline[] = { - 0, 141, 141, 141, 142, 142, 143, 143, 144, 144, - 144, 149, 154, 155, 156, 156, 156, 157, 157, 158, - 158, 159, 159, 160, 160, 161, 161, 161, 162, 162, - 162, 163, 163, 164, 164, 165, 165, 166, 166, 167, - 167, 168, 168, 169, 169, 170, 170, 171, 171, 171, - 172, 172, 172, 173, 173, 173, 174, 174, 175, 175, - 176, 176, 177, 177, 178, 178, 178, 179, 179, 180, - 180, 181, 181, 181, 182, 182, 183, 183, 184, 184, - 185, 185, 185, 186, 186, 187, 187, 188, 188, 189, - 189, 190, 190, 191, 191, 191, 192, 192, 193, 193, - 193, 194, 194, 194, 195, 195, 195, 196, 196, 196, - 196, 197, 197, 197, 198, 198, 198, 199, 199, 200, - 200, 201, 201, 202, 202, 203, 203, 203, 204, 204, - 205, 205, 206, 207, 207, 208, 209, 209, 210, 210, - 211, 211, 211, 212, 212, 213, 213, 214, 214, 215, - 215, 216, 216, 216, 218, 230, 231, 232, 232, 232, - 232, 232, 233, 235, 247, 248, 249, 249, 249, 249, - 250, 252, 266, 267, 268, 268, 268, 268, 270, 279, - 288, 299, 308, 317, 326, 339, 354, 363, 372, 381, - 390, 399, 408, 417, 426, 435, 444, 453, 462, 471, - 480, 489, 496, 503, 512, 521, 530, 544, 553, 562, - 571, 578, 585, 611, 619, 626, 633, 640, 647, 655, - 663, 671, 678, 685, 694, 703, 710, 717, 725, 733, - 743, 753, 763, 776, 787, 795, 808, 817, 826, 835, - 845, 855, 863, 876, 885, 893, 902, 910, 923, 932, - 939, 949, 959, 969, 979, 989, 999, 1009, 1019, 1026, - 1033, 1040, 1049, 1058, 1067, 1074, 1084, 1101, 1108, 1126, - 1139, 1152, 1161, 1170, 1179, 1188, 1198, 1208, 1217, 1226, - 1239, 1248, 1255, 1264, 1273, 1282, 1291, 1299, 1312, 1320, - 1348, 1355, 1370, 1380, 1390, 1397, 1404, 1413, 1427, 1446, - 1465, 1477, 1489, 1501, 1512, 1522, 1531, 1539, 1547, 1560, - 1573, 1586, 1599, 1608, 1617, 1627, 1637, 1647, 1654, 1661, - 1670, 1680, 1690, 1700, 1707, 1714, 1723, 1733, 1743, 1772, - 1781, 1790, 1795, 1796, 1797, 1797, 1797, 1798, 1798, 1798, - 1799, 1799, 1801, 1811, 1820, 1827, 1837, 1844, 1851, 1858, - 1865, 1870, 1871, 1872, 1872, 1873, 1873, 1874, 1874, 1875, - 1876, 1877, 1878, 1879, 1880, 1882, 1890, 1897, 1905, 1913, - 1920, 1927, 1936, 1945, 1954, 1963, 1972, 1981, 1986, 1987, - 1988, 1990, 1996, 2006 + 0, 149, 149, 149, 150, 150, 151, 151, 152, 152, + 152, 154, 158, 163, 164, 165, 165, 165, 166, 166, + 167, 167, 168, 168, 169, 169, 170, 170, 170, 171, + 171, 171, 172, 172, 173, 173, 174, 174, 175, 175, + 176, 176, 177, 177, 178, 178, 179, 179, 180, 180, + 180, 181, 181, 181, 182, 182, 182, 183, 183, 184, + 184, 185, 185, 186, 186, 187, 187, 187, 188, 188, + 189, 189, 190, 190, 190, 191, 191, 192, 192, 193, + 193, 194, 194, 194, 195, 195, 196, 196, 197, 197, + 198, 198, 199, 199, 200, 200, 200, 201, 201, 202, + 202, 202, 203, 203, 203, 204, 204, 204, 205, 205, + 205, 205, 206, 206, 206, 207, 207, 207, 208, 208, + 209, 209, 210, 210, 211, 211, 212, 212, 212, 213, + 213, 214, 214, 215, 216, 216, 217, 217, 218, 219, + 220, 220, 221, 221, 222, 222, 223, 223, 223, 224, + 224, 225, 225, 226, 226, 227, 227, 228, 228, 228, + 229, 229, 229, 230, 230, 230, 231, 233, 245, 246, + 247, 247, 247, 247, 247, 248, 250, 262, 263, 264, + 264, 264, 264, 265, 267, 281, 282, 283, 283, 283, + 283, 284, 284, 284, 286, 295, 304, 315, 324, 333, + 342, 353, 362, 374, 389, 400, 417, 434, 447, 462, + 471, 480, 489, 498, 507, 516, 525, 534, 543, 552, + 561, 570, 579, 588, 597, 604, 611, 620, 629, 638, + 652, 661, 670, 679, 686, 693, 719, 727, 734, 741, + 748, 755, 763, 771, 779, 786, 793, 802, 811, 820, + 827, 834, 842, 850, 860, 870, 880, 893, 904, 912, + 925, 934, 943, 952, 962, 972, 980, 993, 1002, 1010, + 1019, 1027, 1040, 1049, 1056, 1066, 1076, 1086, 1096, 1106, + 1116, 1126, 1136, 1143, 1150, 1157, 1166, 1175, 1184, 1191, + 1201, 1218, 1225, 1243, 1256, 1269, 1278, 1287, 1296, 1305, + 1315, 1325, 1334, 1343, 1356, 1369, 1378, 1385, 1394, 1403, + 1412, 1421, 1429, 1442, 1450, 1478, 1485, 1500, 1510, 1520, + 1527, 1534, 1543, 1557, 1576, 1595, 1607, 1619, 1631, 1642, + 1661, 1671, 1680, 1688, 1696, 1709, 1722, 1735, 1748, 1757, + 1766, 1776, 1786, 1796, 1803, 1810, 1819, 1829, 1839, 1849, + 1856, 1863, 1872, 1882, 1892, 1921, 1931, 1939, 1948, 1963, + 1972, 1977, 1978, 1979, 1979, 1979, 1980, 1980, 1980, 1981, + 1981, 1983, 1993, 2002, 2009, 2019, 2026, 2033, 2040, 2047, + 2052, 2053, 2054, 2054, 2055, 2055, 2056, 2056, 2057, 2058, + 2059, 2060, 2061, 2062, 2064, 2072, 2079, 2087, 2095, 2102, + 2109, 2118, 2127, 2136, 2145, 2154, 2163, 2168, 2169, 2170, + 2172, 2178, 2188, 2195, 2204, 2212, 2218, 2219, 2221, 2221, + 2221, 2222, 2222, 2224, 2233, 2243, 2250, 2257 }; #endif @@ -944,67 +988,77 @@ static const char *const yytname[] = "VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES", "VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES", "VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES", - "VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES", - "VAR_HARDEN_ALGO_DOWNGRADE", "VAR_IP_TRANSPARENT", - "VAR_DISABLE_DNSSEC_LAME_CHECK", "VAR_IP_RATELIMIT", - "VAR_IP_RATELIMIT_SLABS", "VAR_IP_RATELIMIT_SIZE", "VAR_RATELIMIT", - "VAR_RATELIMIT_SLABS", "VAR_RATELIMIT_SIZE", "VAR_RATELIMIT_FOR_DOMAIN", - "VAR_RATELIMIT_BELOW_DOMAIN", "VAR_IP_RATELIMIT_FACTOR", - "VAR_RATELIMIT_FACTOR", "VAR_CAPS_WHITELIST", + "VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES", "VAR_RESPONSE_IP_TAG", + "VAR_RESPONSE_IP", "VAR_RESPONSE_IP_DATA", "VAR_HARDEN_ALGO_DOWNGRADE", + "VAR_IP_TRANSPARENT", "VAR_DISABLE_DNSSEC_LAME_CHECK", + "VAR_IP_RATELIMIT", "VAR_IP_RATELIMIT_SLABS", "VAR_IP_RATELIMIT_SIZE", + "VAR_RATELIMIT", "VAR_RATELIMIT_SLABS", "VAR_RATELIMIT_SIZE", + "VAR_RATELIMIT_FOR_DOMAIN", "VAR_RATELIMIT_BELOW_DOMAIN", + "VAR_IP_RATELIMIT_FACTOR", "VAR_RATELIMIT_FACTOR", + "VAR_SEND_CLIENT_SUBNET", "VAR_CLIENT_SUBNET_ALWAYS_FORWARD", + "VAR_CLIENT_SUBNET_OPCODE", "VAR_MAX_CLIENT_SUBNET_IPV4", + "VAR_MAX_CLIENT_SUBNET_IPV6", "VAR_CAPS_WHITELIST", "VAR_CACHE_MAX_NEGATIVE_TTL", "VAR_PERMIT_SMALL_HOLDDOWN", "VAR_QNAME_MINIMISATION", "VAR_QNAME_MINIMISATION_STRICT", "VAR_IP_FREEBIND", "VAR_DEFINE_TAG", "VAR_LOCAL_ZONE_TAG", "VAR_ACCESS_CONTROL_TAG", "VAR_LOCAL_ZONE_OVERRIDE", "VAR_ACCESS_CONTROL_TAG_ACTION", "VAR_ACCESS_CONTROL_TAG_DATA", "VAR_VIEW", "VAR_ACCESS_CONTROL_VIEW", "VAR_VIEW_FIRST", - "VAR_SERVE_EXPIRED", "VAR_FAKE_DSA", "VAR_LOG_IDENTITY", - "VAR_USE_SYSTEMD", "$accept", "toplevelvars", "toplevelvar", + "VAR_SERVE_EXPIRED", "VAR_FAKE_DSA", "VAR_FAKE_SHA1", "VAR_LOG_IDENTITY", + "VAR_HIDE_TRUSTANCHOR", "VAR_USE_SYSTEMD", "VAR_SHM_ENABLE", + "VAR_SHM_KEY", "VAR_DNSCRYPT", "VAR_DNSCRYPT_ENABLE", + "VAR_DNSCRYPT_PORT", "VAR_DNSCRYPT_PROVIDER", "VAR_DNSCRYPT_SECRET_KEY", + "VAR_DNSCRYPT_PROVIDER_CERT", "$accept", "toplevelvars", "toplevelvar", "serverstart", "contents_server", "content_server", "stubstart", "contents_stub", "content_stub", "forwardstart", "contents_forward", "content_forward", "viewstart", "contents_view", "content_view", "server_num_threads", "server_verbosity", "server_statistics_interval", "server_statistics_cumulative", "server_extended_statistics", - "server_port", "server_interface", "server_outgoing_interface", - "server_outgoing_range", "server_outgoing_port_permit", - "server_outgoing_port_avoid", "server_outgoing_num_tcp", - "server_incoming_num_tcp", "server_interface_automatic", "server_do_ip4", - "server_do_ip6", "server_do_udp", "server_do_tcp", "server_prefer_ip6", - "server_tcp_mss", "server_outgoing_tcp_mss", "server_tcp_upstream", - "server_ssl_upstream", "server_ssl_service_key", - "server_ssl_service_pem", "server_ssl_port", "server_use_systemd", - "server_do_daemonize", "server_use_syslog", "server_log_time_ascii", - "server_log_queries", "server_log_replies", "server_chroot", - "server_username", "server_directory", "server_logfile", + "server_shm_enable", "server_shm_key", "server_port", + "server_send_client_subnet", "server_client_subnet_always_forward", + "server_client_subnet_opcode", "server_max_client_subnet_ipv4", + "server_max_client_subnet_ipv6", "server_interface", + "server_outgoing_interface", "server_outgoing_range", + "server_outgoing_port_permit", "server_outgoing_port_avoid", + "server_outgoing_num_tcp", "server_incoming_num_tcp", + "server_interface_automatic", "server_do_ip4", "server_do_ip6", + "server_do_udp", "server_do_tcp", "server_prefer_ip6", "server_tcp_mss", + "server_outgoing_tcp_mss", "server_tcp_upstream", "server_ssl_upstream", + "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port", + "server_use_systemd", "server_do_daemonize", "server_use_syslog", + "server_log_time_ascii", "server_log_queries", "server_log_replies", + "server_chroot", "server_username", "server_directory", "server_logfile", "server_pidfile", "server_root_hints", "server_dlv_anchor_file", "server_dlv_anchor", "server_auto_trust_anchor_file", "server_trust_anchor_file", "server_trusted_keys_file", "server_trust_anchor", "server_domain_insecure", "server_hide_identity", - "server_hide_version", "server_identity", "server_version", - "server_so_rcvbuf", "server_so_sndbuf", "server_so_reuseport", - "server_ip_transparent", "server_ip_freebind", "server_edns_buffer_size", - "server_msg_buffer_size", "server_msg_cache_size", - "server_msg_cache_slabs", "server_num_queries_per_thread", - "server_jostle_timeout", "server_delay_close", - "server_unblock_lan_zones", "server_insecure_lan_zones", - "server_rrset_cache_size", "server_rrset_cache_slabs", - "server_infra_host_ttl", "server_infra_lame_ttl", - "server_infra_cache_numhosts", "server_infra_cache_lame_size", - "server_infra_cache_slabs", "server_infra_cache_min_rtt", - "server_target_fetch_policy", "server_harden_short_bufsize", - "server_harden_large_queries", "server_harden_glue", - "server_harden_dnssec_stripped", "server_harden_below_nxdomain", - "server_harden_referral_path", "server_harden_algo_downgrade", - "server_use_caps_for_id", "server_caps_whitelist", - "server_private_address", "server_private_domain", "server_prefetch", - "server_prefetch_key", "server_unwanted_reply_threshold", - "server_do_not_query_address", "server_do_not_query_localhost", - "server_access_control", "server_module_conf", - "server_val_override_date", "server_val_sig_skew_min", - "server_val_sig_skew_max", "server_cache_max_ttl", - "server_cache_max_negative_ttl", "server_cache_min_ttl", - "server_bogus_ttl", "server_val_clean_additional", - "server_val_permissive_mode", "server_ignore_cd_flag", - "server_serve_expired", "server_fake_dsa", "server_val_log_level", + "server_hide_version", "server_hide_trustanchor", "server_identity", + "server_version", "server_so_rcvbuf", "server_so_sndbuf", + "server_so_reuseport", "server_ip_transparent", "server_ip_freebind", + "server_edns_buffer_size", "server_msg_buffer_size", + "server_msg_cache_size", "server_msg_cache_slabs", + "server_num_queries_per_thread", "server_jostle_timeout", + "server_delay_close", "server_unblock_lan_zones", + "server_insecure_lan_zones", "server_rrset_cache_size", + "server_rrset_cache_slabs", "server_infra_host_ttl", + "server_infra_lame_ttl", "server_infra_cache_numhosts", + "server_infra_cache_lame_size", "server_infra_cache_slabs", + "server_infra_cache_min_rtt", "server_target_fetch_policy", + "server_harden_short_bufsize", "server_harden_large_queries", + "server_harden_glue", "server_harden_dnssec_stripped", + "server_harden_below_nxdomain", "server_harden_referral_path", + "server_harden_algo_downgrade", "server_use_caps_for_id", + "server_caps_whitelist", "server_private_address", + "server_private_domain", "server_prefetch", "server_prefetch_key", + "server_unwanted_reply_threshold", "server_do_not_query_address", + "server_do_not_query_localhost", "server_access_control", + "server_module_conf", "server_val_override_date", + "server_val_sig_skew_min", "server_val_sig_skew_max", + "server_cache_max_ttl", "server_cache_max_negative_ttl", + "server_cache_min_ttl", "server_bogus_ttl", + "server_val_clean_additional", "server_val_permissive_mode", + "server_ignore_cd_flag", "server_serve_expired", "server_fake_dsa", + "server_fake_sha1", "server_val_log_level", "server_val_nsec3_keysize_iterations", "server_add_holddown", "server_del_holddown", "server_keep_missing", "server_permit_small_holddown", "server_key_cache_size", @@ -1014,22 +1068,24 @@ static const char *const yytname[] = "server_dns64_synthall", "server_define_tag", "server_local_zone_tag", "server_access_control_tag", "server_access_control_tag_action", "server_access_control_tag_data", "server_local_zone_override", - "server_access_control_view", "server_ip_ratelimit", "server_ratelimit", - "server_ip_ratelimit_size", "server_ratelimit_size", - "server_ip_ratelimit_slabs", "server_ratelimit_slabs", - "server_ratelimit_for_domain", "server_ratelimit_below_domain", - "server_ip_ratelimit_factor", "server_ratelimit_factor", - "server_qname_minimisation", "server_qname_minimisation_strict", - "stub_name", "stub_host", "stub_addr", "stub_first", "stub_ssl_upstream", - "stub_prime", "forward_name", "forward_host", "forward_addr", - "forward_first", "forward_ssl_upstream", "view_name", "view_local_zone", - "view_local_data", "view_first", "rcstart", "contents_rc", "content_rc", - "rc_control_enable", "rc_control_port", "rc_control_interface", - "rc_control_use_cert", "rc_server_key_file", "rc_server_cert_file", - "rc_control_key_file", "rc_control_cert_file", "dtstart", "contents_dt", - "content_dt", "dt_dnstap_enable", "dt_dnstap_socket_path", - "dt_dnstap_send_identity", "dt_dnstap_send_version", - "dt_dnstap_identity", "dt_dnstap_version", + "server_access_control_view", "server_response_ip_tag", + "server_ip_ratelimit", "server_ratelimit", "server_ip_ratelimit_size", + "server_ratelimit_size", "server_ip_ratelimit_slabs", + "server_ratelimit_slabs", "server_ratelimit_for_domain", + "server_ratelimit_below_domain", "server_ip_ratelimit_factor", + "server_ratelimit_factor", "server_qname_minimisation", + "server_qname_minimisation_strict", "stub_name", "stub_host", + "stub_addr", "stub_first", "stub_ssl_upstream", "stub_prime", + "forward_name", "forward_host", "forward_addr", "forward_first", + "forward_ssl_upstream", "view_name", "view_local_zone", + "view_response_ip", "view_response_ip_data", "view_local_data", + "view_local_data_ptr", "view_first", "rcstart", "contents_rc", + "content_rc", "rc_control_enable", "rc_control_port", + "rc_control_interface", "rc_control_use_cert", "rc_server_key_file", + "rc_server_cert_file", "rc_control_key_file", "rc_control_cert_file", + "dtstart", "contents_dt", "content_dt", "dt_dnstap_enable", + "dt_dnstap_socket_path", "dt_dnstap_send_identity", + "dt_dnstap_send_version", "dt_dnstap_identity", "dt_dnstap_version", "dt_dnstap_log_resolver_query_messages", "dt_dnstap_log_resolver_response_messages", "dt_dnstap_log_client_query_messages", @@ -1037,7 +1093,11 @@ static const char *const yytname[] = "dt_dnstap_log_forwarder_query_messages", "dt_dnstap_log_forwarder_response_messages", "pythonstart", "contents_py", "content_py", "py_script", - "server_disable_dnssec_lame_check", "server_log_identity", YY_NULLPTR + "server_disable_dnssec_lame_check", "server_log_identity", + "server_response_ip", "server_response_ip_data", "dnscstart", + "contents_dnsc", "content_dnsc", "dnsc_dnscrypt_enable", + "dnsc_dnscrypt_port", "dnsc_dnscrypt_provider", + "dnsc_dnscrypt_provider_cert", "dnsc_dnscrypt_secret_key", YY_NULLPTR }; #endif @@ -1064,14 +1124,16 @@ static const yytype_uint16 yytoknum[] = 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444 + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462 }; # endif -#define YYPACT_NINF -132 +#define YYPACT_NINF -162 #define yypact_value_is_default(Yystate) \ - (!!((Yystate) == (-132))) + (!!((Yystate) == (-162))) #define YYTABLE_NINF -1 @@ -1082,64 +1144,71 @@ static const yytype_uint16 yytoknum[] = STATE-NUM. */ static const yytype_int16 yypact[] = { - -132, 0, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, 134, -39, - -35, -11, -62, -131, -106, -4, -3, -2, -1, 2, - 17, 18, 28, 29, 30, 32, 33, 34, 35, 36, - 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, - 48, 49, 50, 51, 52, 53, 57, 58, 59, 60, - 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 82, 83, 85, 88, 90, 91, 92, 93, 94, 95, - 96, 98, 99, 100, 101, 102, 103, 104, 105, 106, - 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, - 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, - 127, 128, 129, 130, 131, 132, 133, 165, 166, 167, - 171, 172, 215, 216, 217, 218, 219, 220, 221, 222, - 223, 227, 231, 232, 256, 257, 258, 259, 269, 270, - 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, - 281, 307, 309, 314, 315, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, 316, 317, 318, 319, - 320, 321, -132, -132, -132, -132, -132, -132, -132, 322, - 323, 324, 325, 326, -132, -132, -132, -132, -132, -132, - 327, 328, 329, 330, -132, -132, -132, -132, -132, 331, - 332, 333, 334, 335, 336, 337, 338, -132, -132, -132, - -132, -132, -132, -132, -132, -132, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, 351, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - 352, 353, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, 354, 355, -132, -132, -132, -132, -132, - -132, -132, -132, -132, 356, 357, 358, 359, 360, 361, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, 362, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, 363, 364, 365, -132, - -132, -132, -132, -132 + -162, 0, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + 191, -38, -34, -39, -64, -130, -105, -161, -3, -2, + -1, 2, 3, 26, 29, 30, 38, 39, 40, 41, + 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, + 53, 54, 56, 57, 58, 59, 60, 61, 62, 63, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 82, 83, 84, + 86, 89, 91, 92, 93, 94, 95, 96, 98, 99, + 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, + 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, + 132, 133, 134, 136, 137, 138, 139, 140, 141, 142, + 143, 145, 146, 147, 148, 149, 150, 151, 152, 153, + 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, + 174, 175, 176, 177, 178, 179, 180, 182, 183, 184, + 185, 186, 187, 188, 189, 190, 221, 222, 223, 224, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, 228, 229, 230, 272, 273, 274, -162, + -162, -162, -162, -162, -162, -162, 275, 276, 277, 278, + 279, -162, -162, -162, -162, -162, -162, 280, 284, 288, + 289, 313, 314, 315, -162, -162, -162, -162, -162, -162, + -162, -162, 316, 326, 327, 328, 329, 330, 331, 332, + -162, -162, -162, -162, -162, -162, -162, -162, -162, 333, + 334, 335, 336, 337, 338, 372, 374, 383, 384, 385, + 386, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, 387, -162, -162, 388, 389, 390, + 391, 392, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, 393, 394, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, 395, 396, + 397, -162, -162, -162, -162, -162, -162, -162, -162, -162, + 398, 399, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, 400, 401, 402, 403, + 404, 405, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, 406, -162, -162, 407, 408, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, 409, 410, 411, -162, -162, -162, -162, + -162, -162, -162 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. @@ -1147,9 +1216,10 @@ static const yytype_int16 yypact[] = means the default is an error. */ static const yytype_uint16 yydefact[] = { - 2, 0, 1, 11, 154, 163, 331, 377, 350, 171, - 3, 13, 156, 165, 173, 333, 352, 379, 4, 5, - 6, 10, 8, 9, 7, 0, 0, 0, 0, 0, + 2, 0, 1, 12, 167, 176, 360, 406, 379, 184, + 415, 3, 14, 169, 178, 186, 362, 381, 408, 417, + 4, 5, 6, 10, 8, 9, 7, 11, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -1163,98 +1233,110 @@ static const yytype_uint16 yydefact[] = 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 12, 14, 15, 74, 77, - 86, 16, 25, 65, 17, 78, 79, 36, 58, 73, - 18, 19, 21, 22, 20, 23, 24, 109, 110, 111, - 112, 113, 153, 75, 64, 90, 107, 108, 26, 27, - 28, 29, 30, 66, 80, 81, 96, 52, 62, 53, - 91, 46, 47, 48, 49, 100, 104, 117, 125, 140, - 101, 59, 31, 32, 33, 88, 118, 119, 120, 34, - 35, 37, 38, 40, 41, 39, 123, 42, 43, 44, - 50, 69, 105, 83, 124, 76, 136, 84, 85, 102, - 103, 89, 45, 67, 70, 51, 54, 92, 93, 68, - 137, 94, 55, 56, 57, 106, 150, 151, 95, 63, - 97, 98, 99, 138, 60, 61, 82, 71, 72, 87, - 114, 115, 116, 121, 122, 141, 142, 144, 146, 147, - 145, 148, 126, 127, 130, 131, 128, 129, 132, 133, - 135, 134, 139, 149, 143, 152, 0, 0, 0, 0, - 0, 0, 155, 157, 158, 159, 161, 162, 160, 0, - 0, 0, 0, 0, 164, 166, 167, 168, 169, 170, - 0, 0, 0, 0, 172, 174, 175, 176, 177, 0, - 0, 0, 0, 0, 0, 0, 0, 332, 334, 336, - 335, 341, 337, 338, 339, 340, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 351, 353, - 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, - 364, 0, 378, 380, 179, 178, 183, 186, 184, 192, - 193, 196, 194, 195, 197, 198, 210, 211, 212, 213, - 214, 234, 235, 236, 241, 242, 189, 243, 244, 247, - 245, 246, 249, 250, 251, 264, 223, 224, 225, 226, - 252, 267, 219, 221, 268, 274, 275, 276, 190, 233, - 286, 287, 220, 281, 206, 185, 215, 265, 271, 253, - 0, 0, 290, 191, 180, 205, 257, 181, 187, 188, - 216, 217, 288, 255, 259, 260, 182, 291, 237, 263, - 207, 222, 269, 270, 273, 280, 218, 284, 282, 283, - 227, 232, 261, 262, 228, 229, 254, 277, 208, 209, - 199, 200, 201, 202, 203, 292, 293, 294, 238, 239, - 240, 248, 295, 296, 256, 230, 382, 304, 308, 306, - 305, 309, 307, 0, 0, 312, 313, 258, 272, 285, - 314, 315, 231, 297, 0, 0, 0, 0, 0, 0, - 278, 279, 383, 204, 316, 317, 318, 321, 320, 319, - 322, 323, 324, 325, 326, 327, 0, 329, 330, 342, - 344, 343, 346, 347, 348, 349, 345, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 381, - 266, 289, 310, 311, 298, 299, 0, 0, 0, 303, - 328, 302, 300, 301 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 13, 15, 16, 75, 78, 87, 163, 164, 17, 137, + 138, 139, 140, 141, 26, 66, 18, 79, 80, 37, + 59, 74, 19, 20, 22, 23, 21, 24, 25, 110, + 111, 112, 113, 114, 159, 76, 65, 91, 108, 109, + 27, 28, 29, 30, 31, 67, 81, 82, 97, 53, + 63, 54, 92, 47, 48, 166, 49, 50, 101, 105, + 118, 126, 146, 102, 60, 32, 33, 34, 89, 119, + 120, 121, 35, 36, 38, 39, 41, 42, 40, 124, + 43, 44, 45, 51, 70, 106, 84, 125, 77, 142, + 85, 86, 103, 104, 90, 46, 68, 71, 52, 55, + 93, 94, 69, 143, 95, 56, 57, 58, 107, 156, + 157, 165, 96, 64, 98, 99, 100, 144, 61, 62, + 83, 72, 73, 88, 115, 116, 117, 122, 123, 147, + 148, 150, 152, 153, 151, 154, 160, 127, 128, 131, + 132, 129, 130, 133, 134, 136, 135, 145, 155, 149, + 158, 161, 162, 0, 0, 0, 0, 0, 0, 168, + 170, 171, 172, 174, 175, 173, 0, 0, 0, 0, + 0, 177, 179, 180, 181, 182, 183, 0, 0, 0, + 0, 0, 0, 0, 185, 187, 188, 191, 192, 189, + 193, 190, 0, 0, 0, 0, 0, 0, 0, 0, + 361, 363, 365, 364, 370, 366, 367, 368, 369, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 380, 382, 383, 384, 385, 386, 387, 388, 389, + 390, 391, 392, 393, 0, 407, 409, 0, 0, 0, + 0, 0, 416, 418, 419, 420, 422, 421, 195, 194, + 201, 209, 207, 215, 216, 219, 217, 218, 220, 221, + 233, 234, 235, 236, 237, 258, 259, 260, 265, 266, + 212, 267, 268, 271, 269, 270, 273, 274, 275, 288, + 246, 247, 249, 250, 276, 291, 242, 244, 292, 298, + 299, 300, 213, 257, 311, 312, 243, 306, 229, 208, + 238, 289, 295, 277, 0, 0, 315, 214, 196, 228, + 281, 197, 210, 211, 239, 240, 313, 279, 283, 284, + 198, 316, 261, 287, 230, 245, 293, 294, 297, 305, + 241, 309, 307, 308, 251, 256, 285, 286, 252, 253, + 278, 301, 231, 232, 222, 223, 224, 225, 226, 317, + 318, 319, 262, 263, 264, 272, 320, 321, 0, 0, + 0, 280, 254, 411, 330, 334, 332, 331, 335, 333, + 0, 0, 338, 339, 202, 203, 204, 205, 206, 282, + 296, 310, 340, 341, 255, 322, 0, 0, 0, 0, + 0, 0, 302, 303, 304, 412, 248, 227, 199, 200, + 342, 343, 344, 347, 346, 345, 348, 349, 350, 351, + 352, 353, 0, 357, 358, 0, 0, 359, 371, 373, + 372, 375, 376, 377, 378, 374, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 410, 423, + 424, 425, 427, 426, 290, 314, 329, 413, 414, 336, + 337, 323, 324, 0, 0, 0, 328, 354, 355, 356, + 327, 325, 326 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132, - -132, -132, -132, -132, -132, -132, -132, -132, -132, -132 + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162, -162, -162, -162, -162, -162, -162, -162, + -162, -162, -162 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int16 yydefgoto[] = { - -1, 1, 10, 11, 18, 165, 12, 19, 312, 13, - 20, 324, 14, 21, 334, 166, 167, 168, 169, 170, - 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, - 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, - 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, - 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, - 301, 302, 303, 313, 314, 315, 316, 317, 318, 325, - 326, 327, 328, 329, 335, 336, 337, 338, 15, 22, - 347, 348, 349, 350, 351, 352, 353, 354, 355, 16, - 23, 368, 369, 370, 371, 372, 373, 374, 375, 376, - 377, 378, 379, 380, 17, 24, 382, 383, 304, 305 + -1, 1, 11, 12, 20, 180, 13, 21, 339, 14, + 22, 351, 15, 23, 364, 181, 182, 183, 184, 185, + 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, + 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, + 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, + 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, + 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, + 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, + 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, + 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, + 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, + 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, + 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 340, 341, 342, 343, 344, 345, 352, + 353, 354, 355, 356, 365, 366, 367, 368, 369, 370, + 371, 16, 24, 380, 381, 382, 383, 384, 385, 386, + 387, 388, 17, 25, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 18, 26, 415, + 416, 329, 330, 331, 332, 19, 27, 422, 423, 424, + 425, 426, 427 }; /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If @@ -1262,131 +1344,147 @@ static const yytype_int16 yydefgoto[] = number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_uint16 yytable[] = { - 2, 306, 381, 307, 308, 319, 384, 385, 386, 387, - 0, 3, 388, 320, 321, 356, 357, 358, 359, 360, - 361, 362, 363, 364, 365, 366, 367, 389, 390, 330, - 339, 340, 341, 342, 343, 344, 345, 346, 391, 392, - 393, 4, 394, 395, 396, 397, 398, 5, 399, 400, - 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 309, 331, 332, 415, 416, 417, - 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 6, 439, 440, 310, 441, 311, 322, 442, 323, - 443, 444, 445, 446, 447, 448, 449, 7, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, - 482, 483, 484, 485, 0, 8, 25, 26, 27, 28, - 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, - 49, 50, 51, 52, 333, 486, 487, 488, 53, 54, - 55, 489, 490, 9, 56, 57, 58, 59, 60, 61, - 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, - 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, - 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, - 92, 93, 94, 95, 96, 491, 492, 493, 494, 495, - 496, 497, 498, 499, 97, 98, 99, 500, 100, 101, - 102, 501, 502, 103, 104, 105, 106, 107, 108, 109, - 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, - 120, 121, 122, 123, 124, 125, 503, 504, 505, 506, - 126, 127, 128, 129, 130, 131, 132, 133, 134, 507, + 2, 357, 333, 414, 334, 335, 346, 428, 429, 430, + 0, 3, 431, 432, 347, 348, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 372, 373, + 374, 375, 376, 377, 378, 379, 433, 358, 359, 434, + 435, 4, 417, 418, 419, 420, 421, 5, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, + 448, 449, 360, 450, 451, 336, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 6, 477, 478, 479, 337, 480, 338, 349, 481, + 350, 482, 483, 484, 485, 486, 487, 7, 488, 489, + 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, + 361, 362, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 135, 136, 137, 138, 139, 140, 141, 142, - 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, - 153, 154, 155, 156, 157, 158, 159, 520, 160, 521, - 161, 162, 163, 164, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573 + 518, 519, 520, 521, 522, 8, 523, 524, 525, 526, + 527, 528, 529, 530, 363, 531, 532, 533, 534, 535, + 536, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 9, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 0, 10, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, + 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, + 55, 576, 577, 578, 579, 56, 57, 58, 580, 581, + 582, 59, 60, 61, 62, 63, 64, 65, 66, 67, + 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, + 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, + 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, + 98, 99, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 100, 101, 102, 592, 103, 104, 105, 593, 594, + 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, + 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, + 126, 127, 128, 595, 596, 597, 598, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 138, + 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, + 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, + 169, 170, 612, 171, 613, 172, 173, 174, 175, 176, + 177, 178, 179, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642 }; static const yytype_int16 yycheck[] = { - 0, 40, 108, 42, 43, 40, 10, 10, 10, 10, - -1, 11, 10, 48, 49, 146, 147, 148, 149, 150, - 151, 152, 153, 154, 155, 156, 157, 10, 10, 40, - 92, 93, 94, 95, 96, 97, 98, 99, 10, 10, - 10, 41, 10, 10, 10, 10, 10, 47, 10, 10, + 0, 40, 40, 108, 42, 43, 40, 10, 10, 10, + -1, 11, 10, 10, 48, 49, 146, 147, 148, 149, + 150, 151, 152, 153, 154, 155, 156, 157, 92, 93, + 94, 95, 96, 97, 98, 99, 10, 76, 77, 10, + 10, 41, 203, 204, 205, 206, 207, 47, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 103, 76, 77, 10, 10, 10, + 10, 10, 101, 10, 10, 103, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 91, 10, 10, 133, 10, 135, 132, 10, 134, - 10, 10, 10, 10, 10, 10, 10, 107, 10, 10, + 10, 91, 10, 10, 10, 133, 10, 135, 132, 10, + 134, 10, 10, 10, 10, 10, 10, 107, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 159, 160, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 145, 10, 10, 10, 10, + 10, 10, 10, 10, 193, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, -1, 145, 12, 13, 14, 15, - 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, - 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 185, 10, 10, 10, 44, 45, - 46, 10, 10, 183, 50, 51, 52, 53, 54, 55, - 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, - 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, - 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, - 86, 87, 88, 89, 90, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 100, 101, 102, 10, 104, 105, - 106, 10, 10, 109, 110, 111, 112, 113, 114, 115, - 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, - 126, 127, 128, 129, 130, 131, 10, 10, 10, 10, - 136, 137, 138, 139, 140, 141, 142, 143, 144, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, - 176, 177, 178, 179, 180, 181, 182, 10, 184, 10, - 186, 187, 188, 189, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 191, 10, 10, 10, 10, 10, 10, 10, 10, + 10, -1, 202, 12, 13, 14, 15, 16, 17, 18, + 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, + 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, + 39, 10, 10, 10, 10, 44, 45, 46, 10, 10, + 10, 50, 51, 52, 53, 54, 55, 56, 57, 58, + 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, + 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, + 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, + 89, 90, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 100, 101, 102, 10, 104, 105, 106, 10, 10, + 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, + 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, + 129, 130, 131, 10, 10, 10, 10, 136, 137, 138, + 139, 140, 141, 142, 143, 144, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, + 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, + 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, + 189, 190, 10, 192, 10, 194, 195, 196, 197, 198, + 199, 200, 201, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10 + 10, 10 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_uint16 yystos[] = { - 0, 191, 0, 11, 41, 47, 91, 107, 145, 183, - 192, 193, 196, 199, 202, 358, 369, 384, 194, 197, - 200, 203, 359, 370, 385, 12, 13, 14, 15, 16, - 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, - 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, - 37, 38, 39, 44, 45, 46, 50, 51, 52, 53, - 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, - 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, - 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, - 84, 85, 86, 87, 88, 89, 90, 100, 101, 102, - 104, 105, 106, 109, 110, 111, 112, 113, 114, 115, - 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, - 126, 127, 128, 129, 130, 131, 136, 137, 138, 139, - 140, 141, 142, 143, 144, 158, 159, 160, 161, 162, - 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, - 184, 186, 187, 188, 189, 195, 205, 206, 207, 208, - 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, - 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, - 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, - 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, - 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, - 339, 340, 341, 342, 388, 389, 40, 42, 43, 103, - 133, 135, 198, 343, 344, 345, 346, 347, 348, 40, - 48, 49, 132, 134, 201, 349, 350, 351, 352, 353, - 40, 76, 77, 185, 204, 354, 355, 356, 357, 92, - 93, 94, 95, 96, 97, 98, 99, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 146, 147, 148, 149, - 150, 151, 152, 153, 154, 155, 156, 157, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 108, 386, 387, 10, 10, 10, 10, 10, 10, + 0, 209, 0, 11, 41, 47, 91, 107, 145, 191, + 202, 210, 211, 214, 217, 220, 389, 400, 415, 423, + 212, 215, 218, 221, 390, 401, 416, 424, 12, 13, + 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, + 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, + 34, 35, 36, 37, 38, 39, 44, 45, 46, 50, + 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, + 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, + 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, + 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, + 100, 101, 102, 104, 105, 106, 109, 110, 111, 112, + 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, + 123, 124, 125, 126, 127, 128, 129, 130, 131, 136, + 137, 138, 139, 140, 141, 142, 143, 144, 158, 159, + 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, + 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, + 190, 192, 194, 195, 196, 197, 198, 199, 200, 201, + 213, 223, 224, 225, 226, 227, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, + 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, + 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 419, + 420, 421, 422, 40, 42, 43, 103, 133, 135, 216, + 371, 372, 373, 374, 375, 376, 40, 48, 49, 132, + 134, 219, 377, 378, 379, 380, 381, 40, 76, 77, + 101, 159, 160, 193, 222, 382, 383, 384, 385, 386, + 387, 388, 92, 93, 94, 95, 96, 97, 98, 99, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 146, + 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, + 157, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 108, 417, 418, 203, 204, 205, + 206, 207, 425, 426, 427, 428, 429, 430, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, @@ -1405,58 +1503,64 @@ static const yytype_uint16 yystos[] = 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10 + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10 }; /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_uint16 yyr1[] = { - 0, 190, 191, 191, 192, 192, 192, 192, 192, 192, - 192, 193, 194, 194, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 195, 195, 195, 195, 195, 195, - 195, 195, 195, 195, 196, 197, 197, 198, 198, 198, - 198, 198, 198, 199, 200, 200, 201, 201, 201, 201, - 201, 202, 203, 203, 204, 204, 204, 204, 205, 206, - 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, - 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, - 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, - 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, - 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, - 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, - 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, - 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, - 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, - 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, - 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, - 357, 358, 359, 359, 360, 360, 360, 360, 360, 360, - 360, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 370, 371, 371, 371, 371, 371, 371, 371, - 371, 371, 371, 371, 371, 372, 373, 374, 375, 376, - 377, 378, 379, 380, 381, 382, 383, 384, 385, 385, - 386, 387, 388, 389 + 0, 208, 209, 209, 210, 210, 210, 210, 210, 210, + 210, 210, 211, 212, 212, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, + 213, 213, 213, 213, 213, 213, 213, 214, 215, 215, + 216, 216, 216, 216, 216, 216, 217, 218, 218, 219, + 219, 219, 219, 219, 220, 221, 221, 222, 222, 222, + 222, 222, 222, 222, 223, 224, 225, 226, 227, 228, + 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, + 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, + 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, + 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, + 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, + 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, + 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 390, 391, 391, 391, 391, 391, 391, 391, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 401, 402, 402, 402, 402, 402, 402, 402, 402, + 402, 402, 402, 402, 403, 404, 405, 406, 407, 408, + 409, 410, 411, 412, 413, 414, 415, 416, 416, 417, + 418, 419, 420, 421, 422, 423, 424, 424, 425, 425, + 425, 425, 425, 426, 427, 428, 429, 430 }; /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ static const yytype_uint8 yyr2[] = { 0, 2, 0, 2, 2, 2, 2, 2, 2, 2, - 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, + 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -1470,9 +1574,10 @@ static const yytype_uint8 yyr2[] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 0, + 1, 1, 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, - 1, 1, 1, 1, 2, 0, 1, 1, 1, 1, - 1, 1, 2, 0, 1, 1, 1, 1, 2, 2, + 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -1481,19 +1586,21 @@ static const yytype_uint8 yyr2[] = 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, - 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, - 4, 4, 4, 3, 2, 2, 2, 2, 2, 2, - 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, - 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, - 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, + 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, + 2, 2, 2, 3, 3, 4, 4, 4, 3, 3, + 2, 2, 2, 2, 2, 2, 3, 3, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 3, 3, 3, 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 1, 2, 0, - 1, 2, 2, 2 + 1, 2, 2, 2, 2, 2, 2, 2, 2, 1, + 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 2, 0, 1, + 2, 2, 2, 3, 3, 1, 2, 0, 1, 1, + 1, 1, 1, 2, 2, 2, 2, 2 }; @@ -2169,16 +2276,16 @@ yyreduce: YY_REDUCE_PRINT (yyn); switch (yyn) { - case 11: -#line 150 "util/configparser.y" /* yacc.c:1646 */ + case 12: +#line 159 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(server:)\n")); } -#line 2178 "util/configparser.c" /* yacc.c:1646 */ +#line 2285 "util/configparser.c" /* yacc.c:1646 */ break; - case 154: -#line 219 "util/configparser.y" /* yacc.c:1646 */ + case 167: +#line 234 "util/configparser.y" /* yacc.c:1646 */ { struct config_stub* s; OUTYY(("\nP(stub_zone:)\n")); @@ -2189,11 +2296,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2193 "util/configparser.c" /* yacc.c:1646 */ +#line 2300 "util/configparser.c" /* yacc.c:1646 */ break; - case 163: -#line 236 "util/configparser.y" /* yacc.c:1646 */ + case 176: +#line 251 "util/configparser.y" /* yacc.c:1646 */ { struct config_stub* s; OUTYY(("\nP(forward_zone:)\n")); @@ -2204,11 +2311,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2208 "util/configparser.c" /* yacc.c:1646 */ +#line 2315 "util/configparser.c" /* yacc.c:1646 */ break; - case 171: -#line 253 "util/configparser.y" /* yacc.c:1646 */ + case 184: +#line 268 "util/configparser.y" /* yacc.c:1646 */ { struct config_view* s; OUTYY(("\nP(view:)\n")); @@ -2221,11 +2328,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2225 "util/configparser.c" /* yacc.c:1646 */ +#line 2332 "util/configparser.c" /* yacc.c:1646 */ break; - case 178: -#line 271 "util/configparser.y" /* yacc.c:1646 */ + case 194: +#line 287 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2233,11 +2340,11 @@ yyreduce: else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2237 "util/configparser.c" /* yacc.c:1646 */ +#line 2344 "util/configparser.c" /* yacc.c:1646 */ break; - case 179: -#line 280 "util/configparser.y" /* yacc.c:1646 */ + case 195: +#line 296 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2245,11 +2352,11 @@ yyreduce: else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2249 "util/configparser.c" /* yacc.c:1646 */ +#line 2356 "util/configparser.c" /* yacc.c:1646 */ break; - case 180: -#line 289 "util/configparser.y" /* yacc.c:1646 */ + case 196: +#line 305 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -2259,11 +2366,11 @@ yyreduce: else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2263 "util/configparser.c" /* yacc.c:1646 */ +#line 2370 "util/configparser.c" /* yacc.c:1646 */ break; - case 181: -#line 300 "util/configparser.y" /* yacc.c:1646 */ + case 197: +#line 316 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2271,11 +2378,11 @@ yyreduce: else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2275 "util/configparser.c" /* yacc.c:1646 */ +#line 2382 "util/configparser.c" /* yacc.c:1646 */ break; - case 182: -#line 309 "util/configparser.y" /* yacc.c:1646 */ + case 198: +#line 325 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2283,11 +2390,37 @@ yyreduce: else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2287 "util/configparser.c" /* yacc.c:1646 */ +#line 2394 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 199: +#line 334 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 2406 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 200: +#line 343 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) + cfg_parser->cfg->shm_key = 0; + else if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 2420 "util/configparser.c" /* yacc.c:1646 */ break; - case 183: -#line 318 "util/configparser.y" /* yacc.c:1646 */ + case 201: +#line 354 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2295,11 +2428,97 @@ yyreduce: else cfg_parser->cfg->port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2299 "util/configparser.c" /* yacc.c:1646 */ +#line 2432 "util/configparser.c" /* yacc.c:1646 */ break; - case 184: -#line 327 "util/configparser.y" /* yacc.c:1646 */ + case 202: +#line 363 "util/configparser.y" /* yacc.c:1646 */ + { + #ifdef CLIENT_SUBNET + OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, (yyvsp[0].str))) + fatal_exit("out of memory adding client-subnet"); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + } +#line 2446 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 203: +#line 375 "util/configparser.y" /* yacc.c:1646 */ + { + #ifdef CLIENT_SUBNET + OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else + cfg_parser->cfg->client_subnet_always_forward = + (strcmp((yyvsp[0].str), "yes")==0); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 2464 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 204: +#line 390 "util/configparser.y" /* yacc.c:1646 */ + { + #ifdef CLIENT_SUBNET + OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); + OUTYY(("P(Depricated option, ignoring)\n")); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 2478 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 205: +#line 401 "util/configparser.y" /* yacc.c:1646 */ + { + #ifdef CLIENT_SUBNET + OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("IPv4 subnet length expected"); + else if (atoi((yyvsp[0].str)) > 32) + cfg_parser->cfg->max_client_subnet_ipv4 = 32; + else if (atoi((yyvsp[0].str)) < 0) + cfg_parser->cfg->max_client_subnet_ipv4 = 0; + else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi((yyvsp[0].str)); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 2498 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 206: +#line 418 "util/configparser.y" /* yacc.c:1646 */ + { + #ifdef CLIENT_SUBNET + OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("Ipv6 subnet length expected"); + else if (atoi((yyvsp[0].str)) > 128) + cfg_parser->cfg->max_client_subnet_ipv6 = 128; + else if (atoi((yyvsp[0].str)) < 0) + cfg_parser->cfg->max_client_subnet_ipv6 = 0; + else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi((yyvsp[0].str)); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 2518 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 207: +#line 435 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_ifs == 0) @@ -2311,11 +2530,11 @@ yyreduce: else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); } -#line 2315 "util/configparser.c" /* yacc.c:1646 */ +#line 2534 "util/configparser.c" /* yacc.c:1646 */ break; - case 185: -#line 340 "util/configparser.y" /* yacc.c:1646 */ + case 208: +#line 448 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_out_ifs == 0) @@ -2329,11 +2548,11 @@ yyreduce: cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); } -#line 2333 "util/configparser.c" /* yacc.c:1646 */ +#line 2552 "util/configparser.c" /* yacc.c:1646 */ break; - case 186: -#line 355 "util/configparser.y" /* yacc.c:1646 */ + case 209: +#line 463 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2341,11 +2560,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2345 "util/configparser.c" /* yacc.c:1646 */ +#line 2564 "util/configparser.c" /* yacc.c:1646 */ break; - case 187: -#line 364 "util/configparser.y" /* yacc.c:1646 */ + case 210: +#line 472 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 1, @@ -2353,11 +2572,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 2357 "util/configparser.c" /* yacc.c:1646 */ +#line 2576 "util/configparser.c" /* yacc.c:1646 */ break; - case 188: -#line 373 "util/configparser.y" /* yacc.c:1646 */ + case 211: +#line 481 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 0, @@ -2365,11 +2584,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 2369 "util/configparser.c" /* yacc.c:1646 */ +#line 2588 "util/configparser.c" /* yacc.c:1646 */ break; - case 189: -#line 382 "util/configparser.y" /* yacc.c:1646 */ + case 212: +#line 490 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2377,11 +2596,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2381 "util/configparser.c" /* yacc.c:1646 */ +#line 2600 "util/configparser.c" /* yacc.c:1646 */ break; - case 190: -#line 391 "util/configparser.y" /* yacc.c:1646 */ + case 213: +#line 499 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2389,11 +2608,11 @@ yyreduce: else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2393 "util/configparser.c" /* yacc.c:1646 */ +#line 2612 "util/configparser.c" /* yacc.c:1646 */ break; - case 191: -#line 400 "util/configparser.y" /* yacc.c:1646 */ + case 214: +#line 508 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2401,11 +2620,11 @@ yyreduce: else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2405 "util/configparser.c" /* yacc.c:1646 */ +#line 2624 "util/configparser.c" /* yacc.c:1646 */ break; - case 192: -#line 409 "util/configparser.y" /* yacc.c:1646 */ + case 215: +#line 517 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2413,11 +2632,11 @@ yyreduce: else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2417 "util/configparser.c" /* yacc.c:1646 */ +#line 2636 "util/configparser.c" /* yacc.c:1646 */ break; - case 193: -#line 418 "util/configparser.y" /* yacc.c:1646 */ + case 216: +#line 526 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2425,11 +2644,11 @@ yyreduce: else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2429 "util/configparser.c" /* yacc.c:1646 */ +#line 2648 "util/configparser.c" /* yacc.c:1646 */ break; - case 194: -#line 427 "util/configparser.y" /* yacc.c:1646 */ + case 217: +#line 535 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2437,11 +2656,11 @@ yyreduce: else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2441 "util/configparser.c" /* yacc.c:1646 */ +#line 2660 "util/configparser.c" /* yacc.c:1646 */ break; - case 195: -#line 436 "util/configparser.y" /* yacc.c:1646 */ + case 218: +#line 544 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2449,11 +2668,11 @@ yyreduce: else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2453 "util/configparser.c" /* yacc.c:1646 */ +#line 2672 "util/configparser.c" /* yacc.c:1646 */ break; - case 196: -#line 445 "util/configparser.y" /* yacc.c:1646 */ + case 219: +#line 553 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2461,11 +2680,11 @@ yyreduce: else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2465 "util/configparser.c" /* yacc.c:1646 */ +#line 2684 "util/configparser.c" /* yacc.c:1646 */ break; - case 197: -#line 454 "util/configparser.y" /* yacc.c:1646 */ + case 220: +#line 562 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2473,11 +2692,11 @@ yyreduce: else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2477 "util/configparser.c" /* yacc.c:1646 */ +#line 2696 "util/configparser.c" /* yacc.c:1646 */ break; - case 198: -#line 463 "util/configparser.y" /* yacc.c:1646 */ + case 221: +#line 571 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2485,11 +2704,11 @@ yyreduce: else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2489 "util/configparser.c" /* yacc.c:1646 */ +#line 2708 "util/configparser.c" /* yacc.c:1646 */ break; - case 199: -#line 472 "util/configparser.y" /* yacc.c:1646 */ + case 222: +#line 580 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2497,11 +2716,11 @@ yyreduce: else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2501 "util/configparser.c" /* yacc.c:1646 */ +#line 2720 "util/configparser.c" /* yacc.c:1646 */ break; - case 200: -#line 481 "util/configparser.y" /* yacc.c:1646 */ + case 223: +#line 589 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2509,31 +2728,31 @@ yyreduce: else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2513 "util/configparser.c" /* yacc.c:1646 */ +#line 2732 "util/configparser.c" /* yacc.c:1646 */ break; - case 201: -#line 490 "util/configparser.y" /* yacc.c:1646 */ + case 224: +#line 598 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); } -#line 2523 "util/configparser.c" /* yacc.c:1646 */ +#line 2742 "util/configparser.c" /* yacc.c:1646 */ break; - case 202: -#line 497 "util/configparser.y" /* yacc.c:1646 */ + case 225: +#line 605 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); } -#line 2533 "util/configparser.c" /* yacc.c:1646 */ +#line 2752 "util/configparser.c" /* yacc.c:1646 */ break; - case 203: -#line 504 "util/configparser.y" /* yacc.c:1646 */ + case 226: +#line 612 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2541,11 +2760,11 @@ yyreduce: else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2545 "util/configparser.c" /* yacc.c:1646 */ +#line 2764 "util/configparser.c" /* yacc.c:1646 */ break; - case 204: -#line 513 "util/configparser.y" /* yacc.c:1646 */ + case 227: +#line 621 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2553,11 +2772,11 @@ yyreduce: else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2557 "util/configparser.c" /* yacc.c:1646 */ +#line 2776 "util/configparser.c" /* yacc.c:1646 */ break; - case 205: -#line 522 "util/configparser.y" /* yacc.c:1646 */ + case 228: +#line 630 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2565,11 +2784,11 @@ yyreduce: else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2569 "util/configparser.c" /* yacc.c:1646 */ +#line 2788 "util/configparser.c" /* yacc.c:1646 */ break; - case 206: -#line 531 "util/configparser.y" /* yacc.c:1646 */ + case 229: +#line 639 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2582,11 +2801,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2586 "util/configparser.c" /* yacc.c:1646 */ +#line 2805 "util/configparser.c" /* yacc.c:1646 */ break; - case 207: -#line 545 "util/configparser.y" /* yacc.c:1646 */ + case 230: +#line 653 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2594,11 +2813,11 @@ yyreduce: else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2598 "util/configparser.c" /* yacc.c:1646 */ +#line 2817 "util/configparser.c" /* yacc.c:1646 */ break; - case 208: -#line 554 "util/configparser.y" /* yacc.c:1646 */ + case 231: +#line 662 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2606,11 +2825,11 @@ yyreduce: else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2610 "util/configparser.c" /* yacc.c:1646 */ +#line 2829 "util/configparser.c" /* yacc.c:1646 */ break; - case 209: -#line 563 "util/configparser.y" /* yacc.c:1646 */ + case 232: +#line 671 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2618,31 +2837,31 @@ yyreduce: else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2622 "util/configparser.c" /* yacc.c:1646 */ +#line 2841 "util/configparser.c" /* yacc.c:1646 */ break; - case 210: -#line 572 "util/configparser.y" /* yacc.c:1646 */ + case 233: +#line 680 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = (yyvsp[0].str); } -#line 2632 "util/configparser.c" /* yacc.c:1646 */ +#line 2851 "util/configparser.c" /* yacc.c:1646 */ break; - case 211: -#line 579 "util/configparser.y" /* yacc.c:1646 */ + case 234: +#line 687 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->username); cfg_parser->cfg->username = (yyvsp[0].str); } -#line 2642 "util/configparser.c" /* yacc.c:1646 */ +#line 2861 "util/configparser.c" /* yacc.c:1646 */ break; - case 212: -#line 586 "util/configparser.y" /* yacc.c:1646 */ + case 235: +#line 694 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->directory); @@ -2667,115 +2886,115 @@ yyreduce: } } } -#line 2671 "util/configparser.c" /* yacc.c:1646 */ +#line 2890 "util/configparser.c" /* yacc.c:1646 */ break; - case 213: -#line 612 "util/configparser.y" /* yacc.c:1646 */ + case 236: +#line 720 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = (yyvsp[0].str); cfg_parser->cfg->use_syslog = 0; } -#line 2682 "util/configparser.c" /* yacc.c:1646 */ +#line 2901 "util/configparser.c" /* yacc.c:1646 */ break; - case 214: -#line 620 "util/configparser.y" /* yacc.c:1646 */ + case 237: +#line 728 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = (yyvsp[0].str); } -#line 2692 "util/configparser.c" /* yacc.c:1646 */ +#line 2911 "util/configparser.c" /* yacc.c:1646 */ break; - case 215: -#line 627 "util/configparser.y" /* yacc.c:1646 */ + case 238: +#line 735 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2702 "util/configparser.c" /* yacc.c:1646 */ +#line 2921 "util/configparser.c" /* yacc.c:1646 */ break; - case 216: -#line 634 "util/configparser.y" /* yacc.c:1646 */ + case 239: +#line 742 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dlv_anchor_file); cfg_parser->cfg->dlv_anchor_file = (yyvsp[0].str); } -#line 2712 "util/configparser.c" /* yacc.c:1646 */ +#line 2931 "util/configparser.c" /* yacc.c:1646 */ break; - case 217: -#line 641 "util/configparser.y" /* yacc.c:1646 */ + case 240: +#line 749 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2722 "util/configparser.c" /* yacc.c:1646 */ +#line 2941 "util/configparser.c" /* yacc.c:1646 */ break; - case 218: -#line 648 "util/configparser.y" /* yacc.c:1646 */ + case 241: +#line 756 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2733 "util/configparser.c" /* yacc.c:1646 */ +#line 2952 "util/configparser.c" /* yacc.c:1646 */ break; - case 219: -#line 656 "util/configparser.y" /* yacc.c:1646 */ + case 242: +#line 764 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2744 "util/configparser.c" /* yacc.c:1646 */ +#line 2963 "util/configparser.c" /* yacc.c:1646 */ break; - case 220: -#line 664 "util/configparser.y" /* yacc.c:1646 */ + case 243: +#line 772 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2755 "util/configparser.c" /* yacc.c:1646 */ +#line 2974 "util/configparser.c" /* yacc.c:1646 */ break; - case 221: -#line 672 "util/configparser.y" /* yacc.c:1646 */ + case 244: +#line 780 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2765 "util/configparser.c" /* yacc.c:1646 */ +#line 2984 "util/configparser.c" /* yacc.c:1646 */ break; - case 222: -#line 679 "util/configparser.y" /* yacc.c:1646 */ + case 245: +#line 787 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) yyerror("out of memory"); } -#line 2775 "util/configparser.c" /* yacc.c:1646 */ +#line 2994 "util/configparser.c" /* yacc.c:1646 */ break; - case 223: -#line 686 "util/configparser.y" /* yacc.c:1646 */ + case 246: +#line 794 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2783,11 +3002,11 @@ yyreduce: else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2787 "util/configparser.c" /* yacc.c:1646 */ +#line 3006 "util/configparser.c" /* yacc.c:1646 */ break; - case 224: -#line 695 "util/configparser.y" /* yacc.c:1646 */ + case 247: +#line 803 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2795,53 +3014,65 @@ yyreduce: else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2799 "util/configparser.c" /* yacc.c:1646 */ +#line 3018 "util/configparser.c" /* yacc.c:1646 */ break; - case 225: -#line 704 "util/configparser.y" /* yacc.c:1646 */ + case 248: +#line 812 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3030 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 249: +#line 821 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = (yyvsp[0].str); } -#line 2809 "util/configparser.c" /* yacc.c:1646 */ +#line 3040 "util/configparser.c" /* yacc.c:1646 */ break; - case 226: -#line 711 "util/configparser.y" /* yacc.c:1646 */ + case 250: +#line 828 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->version); cfg_parser->cfg->version = (yyvsp[0].str); } -#line 2819 "util/configparser.c" /* yacc.c:1646 */ +#line 3050 "util/configparser.c" /* yacc.c:1646 */ break; - case 227: -#line 718 "util/configparser.y" /* yacc.c:1646 */ + case 251: +#line 835 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 2830 "util/configparser.c" /* yacc.c:1646 */ +#line 3061 "util/configparser.c" /* yacc.c:1646 */ break; - case 228: -#line 726 "util/configparser.y" /* yacc.c:1646 */ + case 252: +#line 843 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 2841 "util/configparser.c" /* yacc.c:1646 */ +#line 3072 "util/configparser.c" /* yacc.c:1646 */ break; - case 229: -#line 734 "util/configparser.y" /* yacc.c:1646 */ + case 253: +#line 851 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2850,11 +3081,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2854 "util/configparser.c" /* yacc.c:1646 */ +#line 3085 "util/configparser.c" /* yacc.c:1646 */ break; - case 230: -#line 744 "util/configparser.y" /* yacc.c:1646 */ + case 254: +#line 861 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2863,11 +3094,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2867 "util/configparser.c" /* yacc.c:1646 */ +#line 3098 "util/configparser.c" /* yacc.c:1646 */ break; - case 231: -#line 754 "util/configparser.y" /* yacc.c:1646 */ + case 255: +#line 871 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2876,11 +3107,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2880 "util/configparser.c" /* yacc.c:1646 */ +#line 3111 "util/configparser.c" /* yacc.c:1646 */ break; - case 232: -#line 764 "util/configparser.y" /* yacc.c:1646 */ + case 256: +#line 881 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2892,11 +3123,11 @@ yyreduce: else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2896 "util/configparser.c" /* yacc.c:1646 */ +#line 3127 "util/configparser.c" /* yacc.c:1646 */ break; - case 233: -#line 777 "util/configparser.y" /* yacc.c:1646 */ + case 257: +#line 894 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2906,22 +3137,22 @@ yyreduce: else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2910 "util/configparser.c" /* yacc.c:1646 */ +#line 3141 "util/configparser.c" /* yacc.c:1646 */ break; - case 234: -#line 788 "util/configparser.y" /* yacc.c:1646 */ + case 258: +#line 905 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 2921 "util/configparser.c" /* yacc.c:1646 */ +#line 3152 "util/configparser.c" /* yacc.c:1646 */ break; - case 235: -#line 796 "util/configparser.y" /* yacc.c:1646 */ + case 259: +#line 913 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2933,11 +3164,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 2937 "util/configparser.c" /* yacc.c:1646 */ +#line 3168 "util/configparser.c" /* yacc.c:1646 */ break; - case 236: -#line 809 "util/configparser.y" /* yacc.c:1646 */ + case 260: +#line 926 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2945,11 +3176,11 @@ yyreduce: else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2949 "util/configparser.c" /* yacc.c:1646 */ +#line 3180 "util/configparser.c" /* yacc.c:1646 */ break; - case 237: -#line 818 "util/configparser.y" /* yacc.c:1646 */ + case 261: +#line 935 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2957,11 +3188,11 @@ yyreduce: else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2961 "util/configparser.c" /* yacc.c:1646 */ +#line 3192 "util/configparser.c" /* yacc.c:1646 */ break; - case 238: -#line 827 "util/configparser.y" /* yacc.c:1646 */ + case 262: +#line 944 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2969,11 +3200,11 @@ yyreduce: else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2973 "util/configparser.c" /* yacc.c:1646 */ +#line 3204 "util/configparser.c" /* yacc.c:1646 */ break; - case 239: -#line 836 "util/configparser.y" /* yacc.c:1646 */ + case 263: +#line 953 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2982,11 +3213,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2986 "util/configparser.c" /* yacc.c:1646 */ +#line 3217 "util/configparser.c" /* yacc.c:1646 */ break; - case 240: -#line 846 "util/configparser.y" /* yacc.c:1646 */ + case 264: +#line 963 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2995,22 +3226,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2999 "util/configparser.c" /* yacc.c:1646 */ +#line 3230 "util/configparser.c" /* yacc.c:1646 */ break; - case 241: -#line 856 "util/configparser.y" /* yacc.c:1646 */ + case 265: +#line 973 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3010 "util/configparser.c" /* yacc.c:1646 */ +#line 3241 "util/configparser.c" /* yacc.c:1646 */ break; - case 242: -#line 864 "util/configparser.y" /* yacc.c:1646 */ + case 266: +#line 981 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3022,11 +3253,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3026 "util/configparser.c" /* yacc.c:1646 */ +#line 3257 "util/configparser.c" /* yacc.c:1646 */ break; - case 243: -#line 877 "util/configparser.y" /* yacc.c:1646 */ + case 267: +#line 994 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3034,22 +3265,22 @@ yyreduce: else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3038 "util/configparser.c" /* yacc.c:1646 */ +#line 3269 "util/configparser.c" /* yacc.c:1646 */ break; - case 244: -#line 886 "util/configparser.y" /* yacc.c:1646 */ + case 268: +#line 1003 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3049 "util/configparser.c" /* yacc.c:1646 */ +#line 3280 "util/configparser.c" /* yacc.c:1646 */ break; - case 245: -#line 894 "util/configparser.y" /* yacc.c:1646 */ + case 269: +#line 1011 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3057,22 +3288,22 @@ yyreduce: else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3061 "util/configparser.c" /* yacc.c:1646 */ +#line 3292 "util/configparser.c" /* yacc.c:1646 */ break; - case 246: -#line 903 "util/configparser.y" /* yacc.c:1646 */ + case 270: +#line 1020 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3072 "util/configparser.c" /* yacc.c:1646 */ +#line 3303 "util/configparser.c" /* yacc.c:1646 */ break; - case 247: -#line 911 "util/configparser.y" /* yacc.c:1646 */ + case 271: +#line 1028 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3084,11 +3315,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3088 "util/configparser.c" /* yacc.c:1646 */ +#line 3319 "util/configparser.c" /* yacc.c:1646 */ break; - case 248: -#line 924 "util/configparser.y" /* yacc.c:1646 */ + case 272: +#line 1041 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3096,21 +3327,21 @@ yyreduce: else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3100 "util/configparser.c" /* yacc.c:1646 */ +#line 3331 "util/configparser.c" /* yacc.c:1646 */ break; - case 249: -#line 933 "util/configparser.y" /* yacc.c:1646 */ + case 273: +#line 1050 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); } -#line 3110 "util/configparser.c" /* yacc.c:1646 */ +#line 3341 "util/configparser.c" /* yacc.c:1646 */ break; - case 250: -#line 940 "util/configparser.y" /* yacc.c:1646 */ + case 274: +#line 1057 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3119,11 +3350,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3123 "util/configparser.c" /* yacc.c:1646 */ +#line 3354 "util/configparser.c" /* yacc.c:1646 */ break; - case 251: -#line 950 "util/configparser.y" /* yacc.c:1646 */ + case 275: +#line 1067 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3132,11 +3363,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3136 "util/configparser.c" /* yacc.c:1646 */ +#line 3367 "util/configparser.c" /* yacc.c:1646 */ break; - case 252: -#line 960 "util/configparser.y" /* yacc.c:1646 */ + case 276: +#line 1077 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3145,11 +3376,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3149 "util/configparser.c" /* yacc.c:1646 */ +#line 3380 "util/configparser.c" /* yacc.c:1646 */ break; - case 253: -#line 970 "util/configparser.y" /* yacc.c:1646 */ + case 277: +#line 1087 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3158,11 +3389,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3162 "util/configparser.c" /* yacc.c:1646 */ +#line 3393 "util/configparser.c" /* yacc.c:1646 */ break; - case 254: -#line 980 "util/configparser.y" /* yacc.c:1646 */ + case 278: +#line 1097 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3171,11 +3402,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3175 "util/configparser.c" /* yacc.c:1646 */ +#line 3406 "util/configparser.c" /* yacc.c:1646 */ break; - case 255: -#line 990 "util/configparser.y" /* yacc.c:1646 */ + case 279: +#line 1107 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3184,11 +3415,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3188 "util/configparser.c" /* yacc.c:1646 */ +#line 3419 "util/configparser.c" /* yacc.c:1646 */ break; - case 256: -#line 1000 "util/configparser.y" /* yacc.c:1646 */ + case 280: +#line 1117 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3197,11 +3428,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3201 "util/configparser.c" /* yacc.c:1646 */ +#line 3432 "util/configparser.c" /* yacc.c:1646 */ break; - case 257: -#line 1010 "util/configparser.y" /* yacc.c:1646 */ + case 281: +#line 1127 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3210,41 +3441,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3214 "util/configparser.c" /* yacc.c:1646 */ +#line 3445 "util/configparser.c" /* yacc.c:1646 */ break; - case 258: -#line 1020 "util/configparser.y" /* yacc.c:1646 */ + case 282: +#line 1137 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3224 "util/configparser.c" /* yacc.c:1646 */ +#line 3455 "util/configparser.c" /* yacc.c:1646 */ break; - case 259: -#line 1027 "util/configparser.y" /* yacc.c:1646 */ + case 283: +#line 1144 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3234 "util/configparser.c" /* yacc.c:1646 */ +#line 3465 "util/configparser.c" /* yacc.c:1646 */ break; - case 260: -#line 1034 "util/configparser.y" /* yacc.c:1646 */ + case 284: +#line 1151 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3244 "util/configparser.c" /* yacc.c:1646 */ +#line 3475 "util/configparser.c" /* yacc.c:1646 */ break; - case 261: -#line 1041 "util/configparser.y" /* yacc.c:1646 */ + case 285: +#line 1158 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3252,11 +3483,11 @@ yyreduce: else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3256 "util/configparser.c" /* yacc.c:1646 */ +#line 3487 "util/configparser.c" /* yacc.c:1646 */ break; - case 262: -#line 1050 "util/configparser.y" /* yacc.c:1646 */ + case 286: +#line 1167 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3264,11 +3495,11 @@ yyreduce: else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3268 "util/configparser.c" /* yacc.c:1646 */ +#line 3499 "util/configparser.c" /* yacc.c:1646 */ break; - case 263: -#line 1059 "util/configparser.y" /* yacc.c:1646 */ + case 287: +#line 1176 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3276,21 +3507,21 @@ yyreduce: else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3280 "util/configparser.c" /* yacc.c:1646 */ +#line 3511 "util/configparser.c" /* yacc.c:1646 */ break; - case 264: -#line 1068 "util/configparser.y" /* yacc.c:1646 */ + case 288: +#line 1185 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3290 "util/configparser.c" /* yacc.c:1646 */ +#line 3521 "util/configparser.c" /* yacc.c:1646 */ break; - case 265: -#line 1075 "util/configparser.y" /* yacc.c:1646 */ + case 289: +#line 1192 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3299,11 +3530,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3303 "util/configparser.c" /* yacc.c:1646 */ +#line 3534 "util/configparser.c" /* yacc.c:1646 */ break; - case 266: -#line 1085 "util/configparser.y" /* yacc.c:1646 */ + case 290: +#line 1202 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && @@ -3319,21 +3550,21 @@ yyreduce: fatal_exit("out of memory adding acl"); } } -#line 3323 "util/configparser.c" /* yacc.c:1646 */ +#line 3554 "util/configparser.c" /* yacc.c:1646 */ break; - case 267: -#line 1102 "util/configparser.y" /* yacc.c:1646 */ + case 291: +#line 1219 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = (yyvsp[0].str); } -#line 3333 "util/configparser.c" /* yacc.c:1646 */ +#line 3564 "util/configparser.c" /* yacc.c:1646 */ break; - case 268: -#line 1109 "util/configparser.y" /* yacc.c:1646 */ + case 292: +#line 1226 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -3350,11 +3581,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3354 "util/configparser.c" /* yacc.c:1646 */ +#line 3585 "util/configparser.c" /* yacc.c:1646 */ break; - case 269: -#line 1127 "util/configparser.y" /* yacc.c:1646 */ + case 293: +#line 1244 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -3366,11 +3597,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3370 "util/configparser.c" /* yacc.c:1646 */ +#line 3601 "util/configparser.c" /* yacc.c:1646 */ break; - case 270: -#line 1140 "util/configparser.y" /* yacc.c:1646 */ + case 294: +#line 1257 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -3382,11 +3613,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3386 "util/configparser.c" /* yacc.c:1646 */ +#line 3617 "util/configparser.c" /* yacc.c:1646 */ break; - case 271: -#line 1153 "util/configparser.y" /* yacc.c:1646 */ + case 295: +#line 1270 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3394,11 +3625,11 @@ yyreduce: else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3398 "util/configparser.c" /* yacc.c:1646 */ +#line 3629 "util/configparser.c" /* yacc.c:1646 */ break; - case 272: -#line 1162 "util/configparser.y" /* yacc.c:1646 */ + case 296: +#line 1279 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3406,11 +3637,11 @@ yyreduce: else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3410 "util/configparser.c" /* yacc.c:1646 */ +#line 3641 "util/configparser.c" /* yacc.c:1646 */ break; - case 273: -#line 1171 "util/configparser.y" /* yacc.c:1646 */ + case 297: +#line 1288 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3418,11 +3649,11 @@ yyreduce: else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3422 "util/configparser.c" /* yacc.c:1646 */ +#line 3653 "util/configparser.c" /* yacc.c:1646 */ break; - case 274: -#line 1180 "util/configparser.y" /* yacc.c:1646 */ + case 298: +#line 1297 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3430,11 +3661,11 @@ yyreduce: else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3434 "util/configparser.c" /* yacc.c:1646 */ +#line 3665 "util/configparser.c" /* yacc.c:1646 */ break; - case 275: -#line 1189 "util/configparser.y" /* yacc.c:1646 */ + case 299: +#line 1306 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3443,11 +3674,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3447 "util/configparser.c" /* yacc.c:1646 */ +#line 3678 "util/configparser.c" /* yacc.c:1646 */ break; - case 276: -#line 1199 "util/configparser.y" /* yacc.c:1646 */ + case 300: +#line 1316 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3456,11 +3687,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3460 "util/configparser.c" /* yacc.c:1646 */ +#line 3691 "util/configparser.c" /* yacc.c:1646 */ break; - case 277: -#line 1209 "util/configparser.y" /* yacc.c:1646 */ + case 301: +#line 1326 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3468,11 +3699,11 @@ yyreduce: else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3472 "util/configparser.c" /* yacc.c:1646 */ +#line 3703 "util/configparser.c" /* yacc.c:1646 */ break; - case 278: -#line 1218 "util/configparser.y" /* yacc.c:1646 */ + case 302: +#line 1335 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3480,11 +3711,11 @@ yyreduce: else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3484 "util/configparser.c" /* yacc.c:1646 */ +#line 3715 "util/configparser.c" /* yacc.c:1646 */ break; - case 279: -#line 1227 "util/configparser.y" /* yacc.c:1646 */ + case 303: +#line 1344 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3496,11 +3727,27 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3500 "util/configparser.c" /* yacc.c:1646 */ +#line 3731 "util/configparser.c" /* yacc.c:1646 */ break; - case 280: -#line 1240 "util/configparser.y" /* yacc.c:1646 */ + case 304: +#line 1357 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); +#ifdef HAVE_SSL + else fake_sha1 = (strcmp((yyvsp[0].str), "yes")==0); + if(fake_sha1) + log_warn("test option fake_sha1 is enabled"); +#endif + free((yyvsp[0].str)); + } +#line 3747 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 305: +#line 1370 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3508,21 +3755,21 @@ yyreduce: else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3512 "util/configparser.c" /* yacc.c:1646 */ +#line 3759 "util/configparser.c" /* yacc.c:1646 */ break; - case 281: -#line 1249 "util/configparser.y" /* yacc.c:1646 */ + case 306: +#line 1379 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); } -#line 3522 "util/configparser.c" /* yacc.c:1646 */ +#line 3769 "util/configparser.c" /* yacc.c:1646 */ break; - case 282: -#line 1256 "util/configparser.y" /* yacc.c:1646 */ + case 307: +#line 1386 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3530,11 +3777,11 @@ yyreduce: else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3534 "util/configparser.c" /* yacc.c:1646 */ +#line 3781 "util/configparser.c" /* yacc.c:1646 */ break; - case 283: -#line 1265 "util/configparser.y" /* yacc.c:1646 */ + case 308: +#line 1395 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3542,11 +3789,11 @@ yyreduce: else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3546 "util/configparser.c" /* yacc.c:1646 */ +#line 3793 "util/configparser.c" /* yacc.c:1646 */ break; - case 284: -#line 1274 "util/configparser.y" /* yacc.c:1646 */ + case 309: +#line 1404 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3554,11 +3801,11 @@ yyreduce: else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3558 "util/configparser.c" /* yacc.c:1646 */ +#line 3805 "util/configparser.c" /* yacc.c:1646 */ break; - case 285: -#line 1283 "util/configparser.y" /* yacc.c:1646 */ + case 310: +#line 1413 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3567,22 +3814,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3571 "util/configparser.c" /* yacc.c:1646 */ +#line 3818 "util/configparser.c" /* yacc.c:1646 */ break; - case 286: -#line 1292 "util/configparser.y" /* yacc.c:1646 */ + case 311: +#line 1422 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3582 "util/configparser.c" /* yacc.c:1646 */ +#line 3829 "util/configparser.c" /* yacc.c:1646 */ break; - case 287: -#line 1300 "util/configparser.y" /* yacc.c:1646 */ + case 312: +#line 1430 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3594,22 +3841,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3598 "util/configparser.c" /* yacc.c:1646 */ +#line 3845 "util/configparser.c" /* yacc.c:1646 */ break; - case 288: -#line 1313 "util/configparser.y" /* yacc.c:1646 */ + case 313: +#line 1443 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3609 "util/configparser.c" /* yacc.c:1646 */ +#line 3856 "util/configparser.c" /* yacc.c:1646 */ break; - case 289: -#line 1321 "util/configparser.y" /* yacc.c:1646 */ + case 314: +#line 1451 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -3636,21 +3883,21 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 3640 "util/configparser.c" /* yacc.c:1646 */ +#line 3887 "util/configparser.c" /* yacc.c:1646 */ break; - case 290: -#line 1349 "util/configparser.y" /* yacc.c:1646 */ + case 315: +#line 1479 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) fatal_exit("out of memory adding local-data"); } -#line 3650 "util/configparser.c" /* yacc.c:1646 */ +#line 3897 "util/configparser.c" /* yacc.c:1646 */ break; - case 291: -#line 1356 "util/configparser.y" /* yacc.c:1646 */ + case 316: +#line 1486 "util/configparser.y" /* yacc.c:1646 */ { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -3664,11 +3911,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 3668 "util/configparser.c" /* yacc.c:1646 */ +#line 3915 "util/configparser.c" /* yacc.c:1646 */ break; - case 292: -#line 1371 "util/configparser.y" /* yacc.c:1646 */ + case 317: +#line 1501 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3677,11 +3924,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3681 "util/configparser.c" /* yacc.c:1646 */ +#line 3928 "util/configparser.c" /* yacc.c:1646 */ break; - case 293: -#line 1381 "util/configparser.y" /* yacc.c:1646 */ + case 318: +#line 1511 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3690,31 +3937,31 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3694 "util/configparser.c" /* yacc.c:1646 */ +#line 3941 "util/configparser.c" /* yacc.c:1646 */ break; - case 294: -#line 1391 "util/configparser.y" /* yacc.c:1646 */ + case 319: +#line 1521 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3704 "util/configparser.c" /* yacc.c:1646 */ +#line 3951 "util/configparser.c" /* yacc.c:1646 */ break; - case 295: -#line 1398 "util/configparser.y" /* yacc.c:1646 */ + case 320: +#line 1528 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dns64_prefix); cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); } -#line 3714 "util/configparser.c" /* yacc.c:1646 */ +#line 3961 "util/configparser.c" /* yacc.c:1646 */ break; - case 296: -#line 1405 "util/configparser.y" /* yacc.c:1646 */ + case 321: +#line 1535 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3722,11 +3969,11 @@ yyreduce: else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3726 "util/configparser.c" /* yacc.c:1646 */ +#line 3973 "util/configparser.c" /* yacc.c:1646 */ break; - case 297: -#line 1414 "util/configparser.y" /* yacc.c:1646 */ + case 322: +#line 1544 "util/configparser.y" /* yacc.c:1646 */ { char* p, *s = (yyvsp[0].str); OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); @@ -3739,11 +3986,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3743 "util/configparser.c" /* yacc.c:1646 */ +#line 3990 "util/configparser.c" /* yacc.c:1646 */ break; - case 298: -#line 1428 "util/configparser.y" /* yacc.c:1646 */ + case 323: +#line 1558 "util/configparser.y" /* yacc.c:1646 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -3761,11 +4008,11 @@ yyreduce: } } } -#line 3765 "util/configparser.c" /* yacc.c:1646 */ +#line 4012 "util/configparser.c" /* yacc.c:1646 */ break; - case 299: -#line 1447 "util/configparser.y" /* yacc.c:1646 */ + case 324: +#line 1577 "util/configparser.y" /* yacc.c:1646 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -3783,11 +4030,11 @@ yyreduce: } } } -#line 3787 "util/configparser.c" /* yacc.c:1646 */ +#line 4034 "util/configparser.c" /* yacc.c:1646 */ break; - case 300: -#line 1466 "util/configparser.y" /* yacc.c:1646 */ + case 325: +#line 1596 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, @@ -3798,11 +4045,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 3802 "util/configparser.c" /* yacc.c:1646 */ +#line 4049 "util/configparser.c" /* yacc.c:1646 */ break; - case 301: -#line 1478 "util/configparser.y" /* yacc.c:1646 */ + case 326: +#line 1608 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, @@ -3813,11 +4060,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 3817 "util/configparser.c" /* yacc.c:1646 */ +#line 4064 "util/configparser.c" /* yacc.c:1646 */ break; - case 302: -#line 1490 "util/configparser.y" /* yacc.c:1646 */ + case 327: +#line 1620 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, @@ -3828,11 +4075,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 3832 "util/configparser.c" /* yacc.c:1646 */ +#line 4079 "util/configparser.c" /* yacc.c:1646 */ break; - case 303: -#line 1502 "util/configparser.y" /* yacc.c:1646 */ + case 328: +#line 1632 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, @@ -3842,11 +4089,33 @@ yyreduce: free((yyvsp[0].str)); } } -#line 3846 "util/configparser.c" /* yacc.c:1646 */ +#line 4093 "util/configparser.c" /* yacc.c:1646 */ break; - case 304: -#line 1513 "util/configparser.y" /* yacc.c:1646 */ + case 329: +#line 1643 "util/configparser.y" /* yacc.c:1646 */ + { + size_t len = 0; + uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), + &len); + free((yyvsp[0].str)); + OUTYY(("P(response_ip_tag:%s)\n", (yyvsp[-1].str))); + if(!bitlist) + yyerror("could not parse tags, (define-tag them first)"); + if(bitlist) { + if(!cfg_strbytelist_insert( + &cfg_parser->cfg->respip_tags, + (yyvsp[-1].str), bitlist, len)) { + yyerror("out of memory"); + free((yyvsp[-1].str)); + } + } + } +#line 4115 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 330: +#line 1662 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3854,11 +4123,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3858 "util/configparser.c" /* yacc.c:1646 */ +#line 4127 "util/configparser.c" /* yacc.c:1646 */ break; - case 305: -#line 1523 "util/configparser.y" /* yacc.c:1646 */ + case 331: +#line 1672 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3866,33 +4135,33 @@ yyreduce: else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3870 "util/configparser.c" /* yacc.c:1646 */ +#line 4139 "util/configparser.c" /* yacc.c:1646 */ break; - case 306: -#line 1532 "util/configparser.y" /* yacc.c:1646 */ + case 332: +#line 1681 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3881 "util/configparser.c" /* yacc.c:1646 */ +#line 4150 "util/configparser.c" /* yacc.c:1646 */ break; - case 307: -#line 1540 "util/configparser.y" /* yacc.c:1646 */ + case 333: +#line 1689 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3892 "util/configparser.c" /* yacc.c:1646 */ +#line 4161 "util/configparser.c" /* yacc.c:1646 */ break; - case 308: -#line 1548 "util/configparser.y" /* yacc.c:1646 */ + case 334: +#line 1697 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3904,11 +4173,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3908 "util/configparser.c" /* yacc.c:1646 */ +#line 4177 "util/configparser.c" /* yacc.c:1646 */ break; - case 309: -#line 1561 "util/configparser.y" /* yacc.c:1646 */ + case 335: +#line 1710 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3920,11 +4189,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3924 "util/configparser.c" /* yacc.c:1646 */ +#line 4193 "util/configparser.c" /* yacc.c:1646 */ break; - case 310: -#line 1574 "util/configparser.y" /* yacc.c:1646 */ + case 336: +#line 1723 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -3936,11 +4205,11 @@ yyreduce: "ratelimit-for-domain"); } } -#line 3940 "util/configparser.c" /* yacc.c:1646 */ +#line 4209 "util/configparser.c" /* yacc.c:1646 */ break; - case 311: -#line 1587 "util/configparser.y" /* yacc.c:1646 */ + case 337: +#line 1736 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -3952,11 +4221,11 @@ yyreduce: "ratelimit-below-domain"); } } -#line 3956 "util/configparser.c" /* yacc.c:1646 */ +#line 4225 "util/configparser.c" /* yacc.c:1646 */ break; - case 312: -#line 1600 "util/configparser.y" /* yacc.c:1646 */ + case 338: +#line 1749 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3964,11 +4233,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3968 "util/configparser.c" /* yacc.c:1646 */ +#line 4237 "util/configparser.c" /* yacc.c:1646 */ break; - case 313: -#line 1609 "util/configparser.y" /* yacc.c:1646 */ + case 339: +#line 1758 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3976,11 +4245,11 @@ yyreduce: else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3980 "util/configparser.c" /* yacc.c:1646 */ +#line 4249 "util/configparser.c" /* yacc.c:1646 */ break; - case 314: -#line 1618 "util/configparser.y" /* yacc.c:1646 */ + case 340: +#line 1767 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3989,11 +4258,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3993 "util/configparser.c" /* yacc.c:1646 */ +#line 4262 "util/configparser.c" /* yacc.c:1646 */ break; - case 315: -#line 1628 "util/configparser.y" /* yacc.c:1646 */ + case 341: +#line 1777 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4002,11 +4271,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4006 "util/configparser.c" /* yacc.c:1646 */ +#line 4275 "util/configparser.c" /* yacc.c:1646 */ break; - case 316: -#line 1638 "util/configparser.y" /* yacc.c:1646 */ + case 342: +#line 1787 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->stubs->name) @@ -4015,31 +4284,31 @@ yyreduce: free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = (yyvsp[0].str); } -#line 4019 "util/configparser.c" /* yacc.c:1646 */ +#line 4288 "util/configparser.c" /* yacc.c:1646 */ break; - case 317: -#line 1648 "util/configparser.y" /* yacc.c:1646 */ + case 343: +#line 1797 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4029 "util/configparser.c" /* yacc.c:1646 */ +#line 4298 "util/configparser.c" /* yacc.c:1646 */ break; - case 318: -#line 1655 "util/configparser.y" /* yacc.c:1646 */ + case 344: +#line 1804 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4039 "util/configparser.c" /* yacc.c:1646 */ +#line 4308 "util/configparser.c" /* yacc.c:1646 */ break; - case 319: -#line 1662 "util/configparser.y" /* yacc.c:1646 */ + case 345: +#line 1811 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4047,11 +4316,11 @@ yyreduce: else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4051 "util/configparser.c" /* yacc.c:1646 */ +#line 4320 "util/configparser.c" /* yacc.c:1646 */ break; - case 320: -#line 1671 "util/configparser.y" /* yacc.c:1646 */ + case 346: +#line 1820 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4060,11 +4329,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4064 "util/configparser.c" /* yacc.c:1646 */ +#line 4333 "util/configparser.c" /* yacc.c:1646 */ break; - case 321: -#line 1681 "util/configparser.y" /* yacc.c:1646 */ + case 347: +#line 1830 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4073,11 +4342,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4077 "util/configparser.c" /* yacc.c:1646 */ +#line 4346 "util/configparser.c" /* yacc.c:1646 */ break; - case 322: -#line 1691 "util/configparser.y" /* yacc.c:1646 */ + case 348: +#line 1840 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->forwards->name) @@ -4086,31 +4355,31 @@ yyreduce: free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = (yyvsp[0].str); } -#line 4090 "util/configparser.c" /* yacc.c:1646 */ +#line 4359 "util/configparser.c" /* yacc.c:1646 */ break; - case 323: -#line 1701 "util/configparser.y" /* yacc.c:1646 */ + case 349: +#line 1850 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4100 "util/configparser.c" /* yacc.c:1646 */ +#line 4369 "util/configparser.c" /* yacc.c:1646 */ break; - case 324: -#line 1708 "util/configparser.y" /* yacc.c:1646 */ + case 350: +#line 1857 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4110 "util/configparser.c" /* yacc.c:1646 */ +#line 4379 "util/configparser.c" /* yacc.c:1646 */ break; - case 325: -#line 1715 "util/configparser.y" /* yacc.c:1646 */ + case 351: +#line 1864 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4118,11 +4387,11 @@ yyreduce: else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4122 "util/configparser.c" /* yacc.c:1646 */ +#line 4391 "util/configparser.c" /* yacc.c:1646 */ break; - case 326: -#line 1724 "util/configparser.y" /* yacc.c:1646 */ + case 352: +#line 1873 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4131,11 +4400,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4135 "util/configparser.c" /* yacc.c:1646 */ +#line 4404 "util/configparser.c" /* yacc.c:1646 */ break; - case 327: -#line 1734 "util/configparser.y" /* yacc.c:1646 */ + case 353: +#line 1883 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->views->name) @@ -4144,11 +4413,11 @@ yyreduce: free(cfg_parser->cfg->views->name); cfg_parser->cfg->views->name = (yyvsp[0].str); } -#line 4148 "util/configparser.c" /* yacc.c:1646 */ +#line 4417 "util/configparser.c" /* yacc.c:1646 */ break; - case 328: -#line 1744 "util/configparser.y" /* yacc.c:1646 */ + case 354: +#line 1893 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -4176,11 +4445,35 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 4180 "util/configparser.c" /* yacc.c:1646 */ +#line 4449 "util/configparser.c" /* yacc.c:1646 */ break; - case 329: -#line 1773 "util/configparser.y" /* yacc.c:1646 */ + case 355: +#line 1922 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + validate_respip_action((yyvsp[0].str)); + if(!cfg_str2list_insert( + &cfg_parser->cfg->views->respip_actions, (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding per-view " + "response-ip action"); + } +#line 4462 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 356: +#line 1932 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); + if(!cfg_str2list_insert( + &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding response-ip-data"); + } +#line 4473 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 357: +#line 1940 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { @@ -4188,11 +4481,29 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4192 "util/configparser.c" /* yacc.c:1646 */ +#line 4485 "util/configparser.c" /* yacc.c:1646 */ break; - case 330: -#line 1782 "util/configparser.y" /* yacc.c:1646 */ + case 358: +#line 1949 "util/configparser.y" /* yacc.c:1646 */ + { + char* ptr; + OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); + ptr = cfg_ptr_reverse((yyvsp[0].str)); + free((yyvsp[0].str)); + if(ptr) { + if(!cfg_strlist_insert(&cfg_parser->cfg->views-> + local_data, ptr)) + fatal_exit("out of memory adding local-data"); + } else { + yyerror("local-data-ptr could not be reversed"); + } + } +#line 4503 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 359: +#line 1964 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4200,19 +4511,19 @@ yyreduce: else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4204 "util/configparser.c" /* yacc.c:1646 */ +#line 4515 "util/configparser.c" /* yacc.c:1646 */ break; - case 331: -#line 1791 "util/configparser.y" /* yacc.c:1646 */ + case 360: +#line 1973 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(remote-control:)\n")); } -#line 4212 "util/configparser.c" /* yacc.c:1646 */ +#line 4523 "util/configparser.c" /* yacc.c:1646 */ break; - case 342: -#line 1802 "util/configparser.y" /* yacc.c:1646 */ + case 371: +#line 1984 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4221,11 +4532,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4225 "util/configparser.c" /* yacc.c:1646 */ +#line 4536 "util/configparser.c" /* yacc.c:1646 */ break; - case 343: -#line 1812 "util/configparser.y" /* yacc.c:1646 */ + case 372: +#line 1994 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4233,21 +4544,21 @@ yyreduce: else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4237 "util/configparser.c" /* yacc.c:1646 */ +#line 4548 "util/configparser.c" /* yacc.c:1646 */ break; - case 344: -#line 1821 "util/configparser.y" /* yacc.c:1646 */ + case 373: +#line 2003 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4247 "util/configparser.c" /* yacc.c:1646 */ +#line 4558 "util/configparser.c" /* yacc.c:1646 */ break; - case 345: -#line 1828 "util/configparser.y" /* yacc.c:1646 */ + case 374: +#line 2010 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4256,122 +4567,122 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4260 "util/configparser.c" /* yacc.c:1646 */ +#line 4571 "util/configparser.c" /* yacc.c:1646 */ break; - case 346: -#line 1838 "util/configparser.y" /* yacc.c:1646 */ + case 375: +#line 2020 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = (yyvsp[0].str); } -#line 4270 "util/configparser.c" /* yacc.c:1646 */ +#line 4581 "util/configparser.c" /* yacc.c:1646 */ break; - case 347: -#line 1845 "util/configparser.y" /* yacc.c:1646 */ + case 376: +#line 2027 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = (yyvsp[0].str); } -#line 4280 "util/configparser.c" /* yacc.c:1646 */ +#line 4591 "util/configparser.c" /* yacc.c:1646 */ break; - case 348: -#line 1852 "util/configparser.y" /* yacc.c:1646 */ + case 377: +#line 2034 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = (yyvsp[0].str); } -#line 4290 "util/configparser.c" /* yacc.c:1646 */ +#line 4601 "util/configparser.c" /* yacc.c:1646 */ break; - case 349: -#line 1859 "util/configparser.y" /* yacc.c:1646 */ + case 378: +#line 2041 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = (yyvsp[0].str); } -#line 4300 "util/configparser.c" /* yacc.c:1646 */ +#line 4611 "util/configparser.c" /* yacc.c:1646 */ break; - case 350: -#line 1866 "util/configparser.y" /* yacc.c:1646 */ + case 379: +#line 2048 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(dnstap:)\n")); } -#line 4308 "util/configparser.c" /* yacc.c:1646 */ +#line 4619 "util/configparser.c" /* yacc.c:1646 */ break; - case 365: -#line 1883 "util/configparser.y" /* yacc.c:1646 */ + case 394: +#line 2065 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4319 "util/configparser.c" /* yacc.c:1646 */ +#line 4630 "util/configparser.c" /* yacc.c:1646 */ break; - case 366: -#line 1891 "util/configparser.y" /* yacc.c:1646 */ + case 395: +#line 2073 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_socket_path); cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); } -#line 4329 "util/configparser.c" /* yacc.c:1646 */ +#line 4640 "util/configparser.c" /* yacc.c:1646 */ break; - case 367: -#line 1898 "util/configparser.y" /* yacc.c:1646 */ + case 396: +#line 2080 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4340 "util/configparser.c" /* yacc.c:1646 */ +#line 4651 "util/configparser.c" /* yacc.c:1646 */ break; - case 368: -#line 1906 "util/configparser.y" /* yacc.c:1646 */ + case 397: +#line 2088 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4351 "util/configparser.c" /* yacc.c:1646 */ +#line 4662 "util/configparser.c" /* yacc.c:1646 */ break; - case 369: -#line 1914 "util/configparser.y" /* yacc.c:1646 */ + case 398: +#line 2096 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_identity); cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); } -#line 4361 "util/configparser.c" /* yacc.c:1646 */ +#line 4672 "util/configparser.c" /* yacc.c:1646 */ break; - case 370: -#line 1921 "util/configparser.y" /* yacc.c:1646 */ + case 399: +#line 2103 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_version); cfg_parser->cfg->dnstap_version = (yyvsp[0].str); } -#line 4371 "util/configparser.c" /* yacc.c:1646 */ +#line 4682 "util/configparser.c" /* yacc.c:1646 */ break; - case 371: -#line 1928 "util/configparser.y" /* yacc.c:1646 */ + case 400: +#line 2110 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4379,11 +4690,11 @@ yyreduce: else cfg_parser->cfg->dnstap_log_resolver_query_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4383 "util/configparser.c" /* yacc.c:1646 */ +#line 4694 "util/configparser.c" /* yacc.c:1646 */ break; - case 372: -#line 1937 "util/configparser.y" /* yacc.c:1646 */ + case 401: +#line 2119 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4391,11 +4702,11 @@ yyreduce: else cfg_parser->cfg->dnstap_log_resolver_response_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4395 "util/configparser.c" /* yacc.c:1646 */ +#line 4706 "util/configparser.c" /* yacc.c:1646 */ break; - case 373: -#line 1946 "util/configparser.y" /* yacc.c:1646 */ + case 402: +#line 2128 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4403,11 +4714,11 @@ yyreduce: else cfg_parser->cfg->dnstap_log_client_query_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4407 "util/configparser.c" /* yacc.c:1646 */ +#line 4718 "util/configparser.c" /* yacc.c:1646 */ break; - case 374: -#line 1955 "util/configparser.y" /* yacc.c:1646 */ + case 403: +#line 2137 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4415,11 +4726,11 @@ yyreduce: else cfg_parser->cfg->dnstap_log_client_response_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4419 "util/configparser.c" /* yacc.c:1646 */ +#line 4730 "util/configparser.c" /* yacc.c:1646 */ break; - case 375: -#line 1964 "util/configparser.y" /* yacc.c:1646 */ + case 404: +#line 2146 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4427,11 +4738,11 @@ yyreduce: else cfg_parser->cfg->dnstap_log_forwarder_query_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4431 "util/configparser.c" /* yacc.c:1646 */ +#line 4742 "util/configparser.c" /* yacc.c:1646 */ break; - case 376: -#line 1973 "util/configparser.y" /* yacc.c:1646 */ + case 405: +#line 2155 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4439,29 +4750,29 @@ yyreduce: else cfg_parser->cfg->dnstap_log_forwarder_response_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4443 "util/configparser.c" /* yacc.c:1646 */ +#line 4754 "util/configparser.c" /* yacc.c:1646 */ break; - case 377: -#line 1982 "util/configparser.y" /* yacc.c:1646 */ + case 406: +#line 2164 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(python:)\n")); } -#line 4451 "util/configparser.c" /* yacc.c:1646 */ +#line 4762 "util/configparser.c" /* yacc.c:1646 */ break; - case 381: -#line 1991 "util/configparser.y" /* yacc.c:1646 */ + case 410: +#line 2173 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->python_script); cfg_parser->cfg->python_script = (yyvsp[0].str); } -#line 4461 "util/configparser.c" /* yacc.c:1646 */ +#line 4772 "util/configparser.c" /* yacc.c:1646 */ break; - case 382: -#line 1997 "util/configparser.y" /* yacc.c:1646 */ + case 411: +#line 2179 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4470,21 +4781,107 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4474 "util/configparser.c" /* yacc.c:1646 */ +#line 4785 "util/configparser.c" /* yacc.c:1646 */ break; - case 383: -#line 2007 "util/configparser.y" /* yacc.c:1646 */ + case 412: +#line 2189 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->log_identity); cfg_parser->cfg->log_identity = (yyvsp[0].str); } -#line 4484 "util/configparser.c" /* yacc.c:1646 */ +#line 4795 "util/configparser.c" /* yacc.c:1646 */ break; + case 413: +#line 2196 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + validate_respip_action((yyvsp[0].str)); + if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions, + (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding response-ip"); + } +#line 4807 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 414: +#line 2205 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); + if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, + (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding response-ip-data"); + } +#line 4818 "util/configparser.c" /* yacc.c:1646 */ + break; -#line 4488 "util/configparser.c" /* yacc.c:1646 */ + case 415: +#line 2213 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("\nP(dnscrypt:)\n")); + OUTYY(("\nP(dnscrypt:)\n")); + } +#line 4827 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 423: +#line 2225 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); + } +#line 4838 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 424: +#line 2234 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); + + if(atoi((yyvsp[0].str)) == 0) + yyerror("port number expected"); + else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4851 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 425: +#line 2244 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnscrypt_provider); + cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); + } +#line 4861 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 426: +#line 2251 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) + fatal_exit("out of memory adding dnscrypt-provider-cert"); + } +#line 4871 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 427: +#line 2258 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) + fatal_exit("out of memory adding dnscrypt-secret-key"); + } +#line 4881 "util/configparser.c" /* yacc.c:1646 */ + break; + + +#line 4885 "util/configparser.c" /* yacc.c:1646 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires @@ -4712,7 +5109,23 @@ yyreturn: #endif return yyresult; } -#line 2013 "util/configparser.y" /* yacc.c:1906 */ +#line 2264 "util/configparser.y" /* yacc.c:1906 */ /* parse helper routines could be here */ +static void +validate_respip_action(const char* action) +{ + if(strcmp(action, "deny")!=0 && + strcmp(action, "redirect")!=0 && + strcmp(action, "inform")!=0 && + strcmp(action, "inform_deny")!=0 && + strcmp(action, "always_transparent")!=0 && + strcmp(action, "always_refuse")!=0 && + strcmp(action, "always_nxdomain")!=0) + { + yyerror("response-ip action: expected deny, redirect, " + "inform, inform_deny, always_transparent, " + "always_refuse or always_nxdomain"); + } +} diff --git a/util/configparser.h b/util/configparser.h index 3db0c547c8e5..937754cfef8f 100644 --- a/util/configparser.h +++ b/util/configparser.h @@ -200,38 +200,56 @@ extern int yydebug; VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 410, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 411, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 412, - VAR_HARDEN_ALGO_DOWNGRADE = 413, - VAR_IP_TRANSPARENT = 414, - VAR_DISABLE_DNSSEC_LAME_CHECK = 415, - VAR_IP_RATELIMIT = 416, - VAR_IP_RATELIMIT_SLABS = 417, - VAR_IP_RATELIMIT_SIZE = 418, - VAR_RATELIMIT = 419, - VAR_RATELIMIT_SLABS = 420, - VAR_RATELIMIT_SIZE = 421, - VAR_RATELIMIT_FOR_DOMAIN = 422, - VAR_RATELIMIT_BELOW_DOMAIN = 423, - VAR_IP_RATELIMIT_FACTOR = 424, - VAR_RATELIMIT_FACTOR = 425, - VAR_CAPS_WHITELIST = 426, - VAR_CACHE_MAX_NEGATIVE_TTL = 427, - VAR_PERMIT_SMALL_HOLDDOWN = 428, - VAR_QNAME_MINIMISATION = 429, - VAR_QNAME_MINIMISATION_STRICT = 430, - VAR_IP_FREEBIND = 431, - VAR_DEFINE_TAG = 432, - VAR_LOCAL_ZONE_TAG = 433, - VAR_ACCESS_CONTROL_TAG = 434, - VAR_LOCAL_ZONE_OVERRIDE = 435, - VAR_ACCESS_CONTROL_TAG_ACTION = 436, - VAR_ACCESS_CONTROL_TAG_DATA = 437, - VAR_VIEW = 438, - VAR_ACCESS_CONTROL_VIEW = 439, - VAR_VIEW_FIRST = 440, - VAR_SERVE_EXPIRED = 441, - VAR_FAKE_DSA = 442, - VAR_LOG_IDENTITY = 443, - VAR_USE_SYSTEMD = 444 + VAR_RESPONSE_IP_TAG = 413, + VAR_RESPONSE_IP = 414, + VAR_RESPONSE_IP_DATA = 415, + VAR_HARDEN_ALGO_DOWNGRADE = 416, + VAR_IP_TRANSPARENT = 417, + VAR_DISABLE_DNSSEC_LAME_CHECK = 418, + VAR_IP_RATELIMIT = 419, + VAR_IP_RATELIMIT_SLABS = 420, + VAR_IP_RATELIMIT_SIZE = 421, + VAR_RATELIMIT = 422, + VAR_RATELIMIT_SLABS = 423, + VAR_RATELIMIT_SIZE = 424, + VAR_RATELIMIT_FOR_DOMAIN = 425, + VAR_RATELIMIT_BELOW_DOMAIN = 426, + VAR_IP_RATELIMIT_FACTOR = 427, + VAR_RATELIMIT_FACTOR = 428, + VAR_SEND_CLIENT_SUBNET = 429, + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 430, + VAR_CLIENT_SUBNET_OPCODE = 431, + VAR_MAX_CLIENT_SUBNET_IPV4 = 432, + VAR_MAX_CLIENT_SUBNET_IPV6 = 433, + VAR_CAPS_WHITELIST = 434, + VAR_CACHE_MAX_NEGATIVE_TTL = 435, + VAR_PERMIT_SMALL_HOLDDOWN = 436, + VAR_QNAME_MINIMISATION = 437, + VAR_QNAME_MINIMISATION_STRICT = 438, + VAR_IP_FREEBIND = 439, + VAR_DEFINE_TAG = 440, + VAR_LOCAL_ZONE_TAG = 441, + VAR_ACCESS_CONTROL_TAG = 442, + VAR_LOCAL_ZONE_OVERRIDE = 443, + VAR_ACCESS_CONTROL_TAG_ACTION = 444, + VAR_ACCESS_CONTROL_TAG_DATA = 445, + VAR_VIEW = 446, + VAR_ACCESS_CONTROL_VIEW = 447, + VAR_VIEW_FIRST = 448, + VAR_SERVE_EXPIRED = 449, + VAR_FAKE_DSA = 450, + VAR_FAKE_SHA1 = 451, + VAR_LOG_IDENTITY = 452, + VAR_HIDE_TRUSTANCHOR = 453, + VAR_USE_SYSTEMD = 454, + VAR_SHM_ENABLE = 455, + VAR_SHM_KEY = 456, + VAR_DNSCRYPT = 457, + VAR_DNSCRYPT_ENABLE = 458, + VAR_DNSCRYPT_PORT = 459, + VAR_DNSCRYPT_PROVIDER = 460, + VAR_DNSCRYPT_SECRET_KEY = 461, + VAR_DNSCRYPT_PROVIDER_CERT = 462 }; #endif /* Tokens. */ @@ -390,49 +408,67 @@ extern int yydebug; #define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 410 #define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 411 #define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 412 -#define VAR_HARDEN_ALGO_DOWNGRADE 413 -#define VAR_IP_TRANSPARENT 414 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 415 -#define VAR_IP_RATELIMIT 416 -#define VAR_IP_RATELIMIT_SLABS 417 -#define VAR_IP_RATELIMIT_SIZE 418 -#define VAR_RATELIMIT 419 -#define VAR_RATELIMIT_SLABS 420 -#define VAR_RATELIMIT_SIZE 421 -#define VAR_RATELIMIT_FOR_DOMAIN 422 -#define VAR_RATELIMIT_BELOW_DOMAIN 423 -#define VAR_IP_RATELIMIT_FACTOR 424 -#define VAR_RATELIMIT_FACTOR 425 -#define VAR_CAPS_WHITELIST 426 -#define VAR_CACHE_MAX_NEGATIVE_TTL 427 -#define VAR_PERMIT_SMALL_HOLDDOWN 428 -#define VAR_QNAME_MINIMISATION 429 -#define VAR_QNAME_MINIMISATION_STRICT 430 -#define VAR_IP_FREEBIND 431 -#define VAR_DEFINE_TAG 432 -#define VAR_LOCAL_ZONE_TAG 433 -#define VAR_ACCESS_CONTROL_TAG 434 -#define VAR_LOCAL_ZONE_OVERRIDE 435 -#define VAR_ACCESS_CONTROL_TAG_ACTION 436 -#define VAR_ACCESS_CONTROL_TAG_DATA 437 -#define VAR_VIEW 438 -#define VAR_ACCESS_CONTROL_VIEW 439 -#define VAR_VIEW_FIRST 440 -#define VAR_SERVE_EXPIRED 441 -#define VAR_FAKE_DSA 442 -#define VAR_LOG_IDENTITY 443 -#define VAR_USE_SYSTEMD 444 +#define VAR_RESPONSE_IP_TAG 413 +#define VAR_RESPONSE_IP 414 +#define VAR_RESPONSE_IP_DATA 415 +#define VAR_HARDEN_ALGO_DOWNGRADE 416 +#define VAR_IP_TRANSPARENT 417 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 418 +#define VAR_IP_RATELIMIT 419 +#define VAR_IP_RATELIMIT_SLABS 420 +#define VAR_IP_RATELIMIT_SIZE 421 +#define VAR_RATELIMIT 422 +#define VAR_RATELIMIT_SLABS 423 +#define VAR_RATELIMIT_SIZE 424 +#define VAR_RATELIMIT_FOR_DOMAIN 425 +#define VAR_RATELIMIT_BELOW_DOMAIN 426 +#define VAR_IP_RATELIMIT_FACTOR 427 +#define VAR_RATELIMIT_FACTOR 428 +#define VAR_SEND_CLIENT_SUBNET 429 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 430 +#define VAR_CLIENT_SUBNET_OPCODE 431 +#define VAR_MAX_CLIENT_SUBNET_IPV4 432 +#define VAR_MAX_CLIENT_SUBNET_IPV6 433 +#define VAR_CAPS_WHITELIST 434 +#define VAR_CACHE_MAX_NEGATIVE_TTL 435 +#define VAR_PERMIT_SMALL_HOLDDOWN 436 +#define VAR_QNAME_MINIMISATION 437 +#define VAR_QNAME_MINIMISATION_STRICT 438 +#define VAR_IP_FREEBIND 439 +#define VAR_DEFINE_TAG 440 +#define VAR_LOCAL_ZONE_TAG 441 +#define VAR_ACCESS_CONTROL_TAG 442 +#define VAR_LOCAL_ZONE_OVERRIDE 443 +#define VAR_ACCESS_CONTROL_TAG_ACTION 444 +#define VAR_ACCESS_CONTROL_TAG_DATA 445 +#define VAR_VIEW 446 +#define VAR_ACCESS_CONTROL_VIEW 447 +#define VAR_VIEW_FIRST 448 +#define VAR_SERVE_EXPIRED 449 +#define VAR_FAKE_DSA 450 +#define VAR_FAKE_SHA1 451 +#define VAR_LOG_IDENTITY 452 +#define VAR_HIDE_TRUSTANCHOR 453 +#define VAR_USE_SYSTEMD 454 +#define VAR_SHM_ENABLE 455 +#define VAR_SHM_KEY 456 +#define VAR_DNSCRYPT 457 +#define VAR_DNSCRYPT_ENABLE 458 +#define VAR_DNSCRYPT_PORT 459 +#define VAR_DNSCRYPT_PROVIDER 460 +#define VAR_DNSCRYPT_SECRET_KEY 461 +#define VAR_DNSCRYPT_PROVIDER_CERT 462 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED union YYSTYPE { -#line 64 "util/configparser.y" /* yacc.c:1909 */ +#line 66 "util/configparser.y" /* yacc.c:1909 */ char* str; -#line 436 "util/configparser.h" /* yacc.c:1909 */ +#line 472 "util/configparser.h" /* yacc.c:1909 */ }; typedef union YYSTYPE YYSTYPE; diff --git a/util/configparser.y b/util/configparser.y index e6e3fb4744f5..4a04367f4d41 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -51,6 +51,8 @@ int ub_c_lex(void); void ub_c_error(const char *message); +static void validate_respip_action(const char* action); + /* these need to be global, otherwise they cannot be used inside yacc */ extern struct config_parser_state* cfg_parser; @@ -122,27 +124,34 @@ extern struct config_parser_state* cfg_parser; %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES +%token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT %token VAR_DISABLE_DNSSEC_LAME_CHECK %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR +%token VAR_SEND_CLIENT_SUBNET VAR_CLIENT_SUBNET_ALWAYS_FORWARD +%token VAR_CLIENT_SUBNET_OPCODE +%token VAR_MAX_CLIENT_SUBNET_IPV4 VAR_MAX_CLIENT_SUBNET_IPV6 %token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN %token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND %token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW -%token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA -%token VAR_LOG_IDENTITY -%token VAR_USE_SYSTEMD +%token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1 +%token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR +%token VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY +%token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER +%token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; toplevelvar: serverstart contents_server | stubstart contents_stub | forwardstart contents_forward | pythonstart contents_py | rcstart contents_rc | dtstart contents_dt | viewstart - contents_view + contents_view | + dnscstart contents_dnsc ; /* server: declaration */ @@ -205,7 +214,10 @@ content_server: server_num_threads | server_verbosity | server_port | server_ip_ratelimit_size | server_ratelimit_size | server_ratelimit_for_domain | server_ratelimit_below_domain | server_ratelimit_factor | - server_ip_ratelimit_factor | + server_ip_ratelimit_factor | server_send_client_subnet | + server_client_subnet_always_forward | + server_client_subnet_opcode | + server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 | server_caps_whitelist | server_cache_max_negative_ttl | server_permit_small_holddown | server_qname_minimisation | server_ip_freebind | server_define_tag | server_local_zone_tag | @@ -213,7 +225,10 @@ content_server: server_num_threads | server_verbosity | server_port | server_local_zone_override | server_access_control_tag_action | server_access_control_tag_data | server_access_control_view | server_qname_minimisation_strict | server_serve_expired | - server_fake_dsa | server_log_identity | server_use_systemd + server_fake_dsa | server_log_identity | server_use_systemd | + server_response_ip_tag | server_response_ip | server_response_ip_data | + server_shm_enable | server_shm_key | server_fake_sha1 | + server_hide_trustanchor ; stubstart: VAR_STUB_ZONE { @@ -265,7 +280,8 @@ viewstart: VAR_VIEW ; contents_view: contents_view content_view | ; -content_view: view_name | view_local_zone | view_local_data | view_first +content_view: view_name | view_local_zone | view_local_data | view_first | + view_response_ip | view_response_ip_data | view_local_data_ptr ; server_num_threads: VAR_NUM_THREADS STRING_ARG { @@ -314,6 +330,26 @@ server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG free($2); } ; +server_shm_enable: VAR_SHM_ENABLE STRING_ARG + { + OUTYY(("P(server_shm_enable:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->shm_enable = (strcmp($2, "yes")==0); + free($2); + } + ; +server_shm_key: VAR_SHM_KEY STRING_ARG + { + OUTYY(("P(server_shm_key:%s)\n", $2)); + if(strcmp($2, "") == 0 || strcmp($2, "0") == 0) + cfg_parser->cfg->shm_key = 0; + else if(atoi($2) == 0) + yyerror("number expected"); + else cfg_parser->cfg->shm_key = atoi($2); + free($2); + } + ; server_port: VAR_PORT STRING_ARG { OUTYY(("P(server_port:%s)\n", $2)); @@ -323,6 +359,78 @@ server_port: VAR_PORT STRING_ARG free($2); } ; +server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG + { + #ifdef CLIENT_SUBNET + OUTYY(("P(server_send_client_subnet:%s)\n", $2)); + if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, $2)) + fatal_exit("out of memory adding client-subnet"); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + } + ; +server_client_subnet_always_forward: + VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG + { + #ifdef CLIENT_SUBNET + OUTYY(("P(server_client_subnet_always_forward:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else + cfg_parser->cfg->client_subnet_always_forward = + (strcmp($2, "yes")==0); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free($2); + } + ; +server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG + { + #ifdef CLIENT_SUBNET + OUTYY(("P(client_subnet_opcode:%s)\n", $2)); + OUTYY(("P(Depricated option, ignoring)\n")); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free($2); + } + ; +server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG + { + #ifdef CLIENT_SUBNET + OUTYY(("P(max_client_subnet_ipv4:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("IPv4 subnet length expected"); + else if (atoi($2) > 32) + cfg_parser->cfg->max_client_subnet_ipv4 = 32; + else if (atoi($2) < 0) + cfg_parser->cfg->max_client_subnet_ipv4 = 0; + else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi($2); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free($2); + } + ; +server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG + { + #ifdef CLIENT_SUBNET + OUTYY(("P(max_client_subnet_ipv6:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("Ipv6 subnet length expected"); + else if (atoi($2) > 128) + cfg_parser->cfg->max_client_subnet_ipv6 = 128; + else if (atoi($2) < 0) + cfg_parser->cfg->max_client_subnet_ipv6 = 0; + else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi($2); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free($2); + } + ; server_interface: VAR_INTERFACE STRING_ARG { OUTYY(("P(server_interface:%s)\n", $2)); @@ -700,6 +808,15 @@ server_hide_version: VAR_HIDE_VERSION STRING_ARG free($2); } ; +server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG + { + OUTYY(("P(server_hide_trustanchor:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0); + free($2); + } + ; server_identity: VAR_IDENTITY STRING_ARG { OUTYY(("P(server_identity:%s)\n", $2)); @@ -1236,6 +1353,19 @@ server_fake_dsa: VAR_FAKE_DSA STRING_ARG free($2); } ; +server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG + { + OUTYY(("P(server_fake_sha1:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); +#ifdef HAVE_SSL + else fake_sha1 = (strcmp($2, "yes")==0); + if(fake_sha1) + log_warn("test option fake_sha1 is enabled"); +#endif + free($2); + } + ; server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG { OUTYY(("P(server_val_log_level:%s)\n", $2)); @@ -1509,6 +1639,25 @@ server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG } } ; +server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG + { + size_t len = 0; + uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, $3, + &len); + free($3); + OUTYY(("P(response_ip_tag:%s)\n", $2)); + if(!bitlist) + yyerror("could not parse tags, (define-tag them first)"); + if(bitlist) { + if(!cfg_strbytelist_insert( + &cfg_parser->cfg->respip_tags, + $2, bitlist, len)) { + yyerror("out of memory"); + free($2); + } + } + } + ; server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG { OUTYY(("P(server_ip_ratelimit:%s)\n", $2)); @@ -1769,6 +1918,24 @@ view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG } } ; +view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG + { + OUTYY(("P(view_response_ip:%s %s)\n", $2, $3)); + validate_respip_action($3); + if(!cfg_str2list_insert( + &cfg_parser->cfg->views->respip_actions, $2, $3)) + fatal_exit("out of memory adding per-view " + "response-ip action"); + } + ; +view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG + { + OUTYY(("P(view_response_ip_data:%s)\n", $2)); + if(!cfg_str2list_insert( + &cfg_parser->cfg->views->respip_data, $2, $3)) + fatal_exit("out of memory adding response-ip-data"); + } + ; view_local_data: VAR_LOCAL_DATA STRING_ARG { OUTYY(("P(view_local_data:%s)\n", $2)); @@ -1778,6 +1945,21 @@ view_local_data: VAR_LOCAL_DATA STRING_ARG } } ; +view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG + { + char* ptr; + OUTYY(("P(view_local_data_ptr:%s)\n", $2)); + ptr = cfg_ptr_reverse($2); + free($2); + if(ptr) { + if(!cfg_strlist_insert(&cfg_parser->cfg->views-> + local_data, ptr)) + fatal_exit("out of memory adding local-data"); + } else { + yyerror("local-data-ptr could not be reversed"); + } + } + ; view_first: VAR_VIEW_FIRST STRING_ARG { OUTYY(("P(view-first:%s)\n", $2)); @@ -2010,6 +2192,91 @@ server_log_identity: VAR_LOG_IDENTITY STRING_ARG cfg_parser->cfg->log_identity = $2; } ; +server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG + { + OUTYY(("P(server_response_ip:%s %s)\n", $2, $3)); + validate_respip_action($3); + if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions, + $2, $3)) + fatal_exit("out of memory adding response-ip"); + } + ; +server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG + { + OUTYY(("P(server_response_ip_data:%s)\n", $2)); + if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, + $2, $3)) + fatal_exit("out of memory adding response-ip-data"); + } + ; +dnscstart: VAR_DNSCRYPT + { + OUTYY(("\nP(dnscrypt:)\n")); + OUTYY(("\nP(dnscrypt:)\n")); + } + ; +contents_dnsc: contents_dnsc content_dnsc + | ; +content_dnsc: + dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider | + dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert + ; +dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG + { + OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnscrypt = (strcmp($2, "yes")==0); + } + ; + +dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG + { + OUTYY(("P(dnsc_dnscrypt_port:%s)\n", $2)); + + if(atoi($2) == 0) + yyerror("port number expected"); + else cfg_parser->cfg->dnscrypt_port = atoi($2); + free($2); + } + ; +dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG + { + OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", $2)); + free(cfg_parser->cfg->dnscrypt_provider); + cfg_parser->cfg->dnscrypt_provider = $2; + } + ; +dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG + { + OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2)); + if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2)) + fatal_exit("out of memory adding dnscrypt-provider-cert"); + } + ; +dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG + { + OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2)); + if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2)) + fatal_exit("out of memory adding dnscrypt-secret-key"); + } + ; %% /* parse helper routines could be here */ +static void +validate_respip_action(const char* action) +{ + if(strcmp(action, "deny")!=0 && + strcmp(action, "redirect")!=0 && + strcmp(action, "inform")!=0 && + strcmp(action, "inform_deny")!=0 && + strcmp(action, "always_transparent")!=0 && + strcmp(action, "always_refuse")!=0 && + strcmp(action, "always_nxdomain")!=0) + { + yyerror("response-ip action: expected deny, redirect, " + "inform, inform_deny, always_transparent, " + "always_refuse or always_nxdomain"); + } +} diff --git a/util/data/msgencode.c b/util/data/msgencode.c index 5d3a24762178..1f72a03b8c64 100644 --- a/util/data/msgencode.c +++ b/util/data/msgencode.c @@ -459,6 +459,10 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt, owner_labs = dname_count_labels(key->rk.dname); owner_pos = sldns_buffer_position(pkt); + /* For an rrset with a fixed TTL, use the rrset's TTL as given */ + if((key->rk.flags & PACKED_RRSET_FIXEDTTL) != 0) + timenow = 0; + if(do_data) { const sldns_rr_descriptor* c = type_rdata_compressable(key); for(i=0; i<data->count; i++) { diff --git a/util/data/msgreply.c b/util/data/msgreply.c index 8869716b6793..2ce898d7f031 100644 --- a/util/data/msgreply.c +++ b/util/data/msgreply.c @@ -133,9 +133,8 @@ parse_create_repinfo(struct msg_parse* msg, struct reply_info** rep, return 1; } -/** allocate (special) rrset keys, return 0 on error */ -static int -repinfo_alloc_rrset_keys(struct reply_info* rep, struct alloc_cache* alloc, +int +reply_info_alloc_rrset_keys(struct reply_info* rep, struct alloc_cache* alloc, struct regional* region) { size_t i; @@ -438,7 +437,7 @@ parse_create_msg(sldns_buffer* pkt, struct msg_parse* msg, return 0; if(!parse_create_repinfo(msg, rep, region)) return 0; - if(!repinfo_alloc_rrset_keys(*rep, alloc, region)) + if(!reply_info_alloc_rrset_keys(*rep, alloc, region)) return 0; if(!parse_copy_decompress(pkt, msg, *rep, region)) return 0; @@ -688,7 +687,7 @@ reply_info_copy(struct reply_info* rep, struct alloc_cache* alloc, if(!cp) return NULL; /* allocate ub_key structures special or not */ - if(!repinfo_alloc_rrset_keys(cp, alloc, region)) { + if(!reply_info_alloc_rrset_keys(cp, alloc, region)) { if(!region) reply_info_parsedelete(cp, alloc); return NULL; @@ -984,19 +983,20 @@ int edns_opt_list_remove(struct edns_option** list, uint16_t code) } static int inplace_cb_reply_call_generic( - struct inplace_cb_reply* callback_list, enum inplace_cb_list_type type, + struct inplace_cb* callback_list, enum inplace_cb_list_type type, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct regional* region) { - struct inplace_cb_reply* cb; + struct inplace_cb* cb; struct edns_option* opt_list_out = NULL; if(qstate) opt_list_out = qstate->edns_opts_front_out; for(cb=callback_list; cb; cb=cb->next) { - fptr_ok(fptr_whitelist_inplace_cb_reply_generic(cb->cb, type)); - (void)(*cb->cb)(qinfo, qstate, rep, rcode, edns, &opt_list_out, region, - cb->cb_arg); + fptr_ok(fptr_whitelist_inplace_cb_reply_generic( + (inplace_cb_reply_func_type*)cb->cb, type)); + (void)(*(inplace_cb_reply_func_type*)cb->cb)(qinfo, qstate, rep, + rcode, edns, &opt_list_out, region, cb->id, cb->cb_arg); } edns->opt_list = opt_list_out; return 1; @@ -1049,11 +1049,40 @@ int inplace_cb_query_call(struct module_env* env, struct query_info* qinfo, uint8_t* zone, size_t zonelen, struct module_qstate* qstate, struct regional* region) { - struct inplace_cb_query* cb = env->inplace_cb_lists[inplace_cb_query]; + struct inplace_cb* cb = env->inplace_cb_lists[inplace_cb_query]; + for(; cb; cb=cb->next) { + fptr_ok(fptr_whitelist_inplace_cb_query( + (inplace_cb_query_func_type*)cb->cb)); + (void)(*(inplace_cb_query_func_type*)cb->cb)(qinfo, flags, + qstate, addr, addrlen, zone, zonelen, region, + cb->id, cb->cb_arg); + } + return 1; +} + +int inplace_cb_edns_back_parsed_call(struct module_env* env, + struct module_qstate* qstate) +{ + struct inplace_cb* cb = + env->inplace_cb_lists[inplace_cb_edns_back_parsed]; + for(; cb; cb=cb->next) { + fptr_ok(fptr_whitelist_inplace_cb_edns_back_parsed( + (inplace_cb_edns_back_parsed_func_type*)cb->cb)); + (void)(*(inplace_cb_edns_back_parsed_func_type*)cb->cb)(qstate, + cb->id, cb->cb_arg); + } + return 1; +} + +int inplace_cb_query_response_call(struct module_env* env, + struct module_qstate* qstate, struct dns_msg* response) { + struct inplace_cb* cb = + env->inplace_cb_lists[inplace_cb_query_response]; for(; cb; cb=cb->next) { - fptr_ok(fptr_whitelist_inplace_cb_query(cb->cb)); - (void)(*cb->cb)(qinfo, flags, qstate, addr, addrlen, zone, zonelen, - region, cb->cb_arg); + fptr_ok(fptr_whitelist_inplace_cb_query_response( + (inplace_cb_query_response_func_type*)cb->cb)); + (void)(*(inplace_cb_query_response_func_type*)cb->cb)(qstate, + response, cb->id, cb->cb_arg); } return 1; } @@ -1148,6 +1177,7 @@ struct edns_option* edns_opt_copy_alloc(struct edns_option* list) if(s->opt_data) { s->opt_data = memdup(s->opt_data, s->opt_len); if(!s->opt_data) { + free(s); edns_opt_list_free(result); return NULL; } diff --git a/util/data/msgreply.h b/util/data/msgreply.h index 485d49afa87d..acbdd3deb61b 100644 --- a/util/data/msgreply.h +++ b/util/data/msgreply.h @@ -50,13 +50,13 @@ struct iovec; struct regional; struct edns_data; struct edns_option; -struct inplace_cb_reply; -struct inplace_cb_query; +struct inplace_cb; struct module_qstate; struct module_env; struct msg_parse; struct rrset_parse; struct local_rrset; +struct dns_msg; /** calculate the prefetch TTL as 90% of original. Calculation * without numerical overflow (uin32_t) */ @@ -357,6 +357,21 @@ struct reply_info* reply_info_copy(struct reply_info* rep, struct alloc_cache* alloc, struct regional* region); /** + * Allocate (special) rrset keys. + * @param rep: reply info in which the rrset keys to be allocated, rrset[] + * array should have bee allocated with NULL pointers. + * @param alloc: how to allocate rrset keys. + * Not used if region!=NULL, it can be NULL in that case. + * @param region: if this parameter is NULL then the alloc is used. + * otherwise, rrset keys are allocated in this region. + * In a region, no special rrset key structures are needed (not shared). + * and no rrset_ref array in the reply needs to be built up. + * @return 1 on success, 0 on error + */ +int reply_info_alloc_rrset_keys(struct reply_info* rep, + struct alloc_cache* alloc, struct regional* region); + +/** * Copy a parsed rrset into given key, decompressing and allocating rdata. * @param pkt: packet for decompression * @param msg: the parser message (for flags for trust). @@ -608,6 +623,29 @@ int inplace_cb_query_call(struct module_env* env, struct query_info* qinfo, struct regional* region); /** + * Call the registered functions in the inplace_cb_edns_back_parsed linked list. + * This function is going to get called after parsing the EDNS data on the + * reply from a nameserver. + * @param env: module environment. + * @param qstate: module qstate. + * @return false on failure (a callback function returned an error). + */ +int inplace_cb_edns_back_parsed_call(struct module_env* env, + struct module_qstate* qstate); + +/** + * Call the registered functions in the inplace_cb_query_reponse linked list. + * This function is going to get called after receiving a reply from a + * nameserver. + * @param env: module environment. + * @param qstate: module qstate. + * @param response: received response + * @return false on failure (a callback function returned an error). + */ +int inplace_cb_query_response_call(struct module_env* env, + struct module_qstate* qstate, struct dns_msg* response); + +/** * Copy edns option list allocated to the new region */ struct edns_option* edns_opt_copy_region(struct edns_option* list, diff --git a/util/data/packed_rrset.h b/util/data/packed_rrset.h index a2f116afba43..28f603d6f98f 100644 --- a/util/data/packed_rrset.h +++ b/util/data/packed_rrset.h @@ -57,6 +57,10 @@ typedef uint64_t rrset_id_type; * this is set on SOA rrsets in the authority section, to keep its TTL separate * from the SOA in the answer section from a direct SOA query or ANY query. */ #define PACKED_RRSET_SOA_NEG 0x4 +/** This rrset is considered to have a fixed TTL; its TTL doesn't have to be + * updated on encoding in a reply. This flag is not expected to be set in + * cached data. */ +#define PACKED_RRSET_FIXEDTTL 0x80000000 /** number of rrs and rrsets for integer overflow protection. More than * this is not really possible (64K packet has much less RRs and RRsets) in @@ -83,6 +87,7 @@ struct packed_rrset_key { * o PACKED_RRSET_NSEC_AT_APEX * o PACKED_RRSET_PARENT_SIDE * o PACKED_RRSET_SOA_NEG + * o PACKED_RRSET_FIXEDTTL (not supposed to be cached) */ uint32_t flags; /** the rrset type in network format */ diff --git a/util/fptr_wlist.c b/util/fptr_wlist.c index 8bd7b973c2f7..03244a123d69 100644 --- a/util/fptr_wlist.c +++ b/util/fptr_wlist.c @@ -75,6 +75,7 @@ #ifdef UB_ON_WINDOWS #include "winrc/win_svc.h" #endif +#include "respip/respip.h" #ifdef WITH_PYTHONMODULE #include "pythonmod/pythonmod.h" @@ -82,6 +83,9 @@ #ifdef USE_CACHEDB #include "cachedb/cachedb.h" #endif +#ifdef CLIENT_SUBNET +#include "edns-subnet/subnetmod.h" +#endif int fptr_whitelist_comm_point(comm_point_callback_type *fptr) @@ -218,6 +222,9 @@ fptr_whitelist_hash_sizefunc(lruhash_sizefunc_type fptr) else if(fptr == &rate_sizefunc) return 1; else if(fptr == &ip_rate_sizefunc) return 1; else if(fptr == &test_slabhash_sizefunc) return 1; +#ifdef CLIENT_SUBNET + else if(fptr == &msg_cache_sizefunc) return 1; +#endif return 0; } @@ -256,6 +263,9 @@ fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_type fptr) else if(fptr == &key_entry_deldatafunc) return 1; else if(fptr == &rate_deldatafunc) return 1; else if(fptr == &test_slabhash_deldata) return 1; +#ifdef CLIENT_SUBNET + else if(fptr == &subnet_data_delete) return 1; +#endif return 0; } @@ -318,12 +328,16 @@ fptr_whitelist_mod_init(int (*fptr)(struct module_env* env, int id)) if(fptr == &iter_init) return 1; else if(fptr == &val_init) return 1; else if(fptr == &dns64_init) return 1; + else if(fptr == &respip_init) return 1; #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_init) return 1; #endif #ifdef USE_CACHEDB else if(fptr == &cachedb_init) return 1; #endif +#ifdef CLIENT_SUBNET + else if(fptr == &subnetmod_init) return 1; +#endif return 0; } @@ -333,12 +347,16 @@ fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id)) if(fptr == &iter_deinit) return 1; else if(fptr == &val_deinit) return 1; else if(fptr == &dns64_deinit) return 1; + else if(fptr == &respip_deinit) return 1; #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_deinit) return 1; #endif #ifdef USE_CACHEDB else if(fptr == &cachedb_deinit) return 1; #endif +#ifdef CLIENT_SUBNET + else if(fptr == &subnetmod_deinit) return 1; +#endif return 0; } @@ -349,12 +367,16 @@ fptr_whitelist_mod_operate(void (*fptr)(struct module_qstate* qstate, if(fptr == &iter_operate) return 1; else if(fptr == &val_operate) return 1; else if(fptr == &dns64_operate) return 1; + else if(fptr == &respip_operate) return 1; #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_operate) return 1; #endif #ifdef USE_CACHEDB else if(fptr == &cachedb_operate) return 1; #endif +#ifdef CLIENT_SUBNET + else if(fptr == &subnetmod_operate) return 1; +#endif return 0; } @@ -365,12 +387,16 @@ fptr_whitelist_mod_inform_super(void (*fptr)( if(fptr == &iter_inform_super) return 1; else if(fptr == &val_inform_super) return 1; else if(fptr == &dns64_inform_super) return 1; + else if(fptr == &respip_inform_super) return 1; #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_inform_super) return 1; #endif #ifdef USE_CACHEDB else if(fptr == &cachedb_inform_super) return 1; #endif +#ifdef CLIENT_SUBNET + else if(fptr == &subnetmod_inform_super) return 1; +#endif return 0; } @@ -381,12 +407,16 @@ fptr_whitelist_mod_clear(void (*fptr)(struct module_qstate* qstate, if(fptr == &iter_clear) return 1; else if(fptr == &val_clear) return 1; else if(fptr == &dns64_clear) return 1; + else if(fptr == &respip_clear) return 1; #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_clear) return 1; #endif #ifdef USE_CACHEDB else if(fptr == &cachedb_clear) return 1; #endif +#ifdef CLIENT_SUBNET + else if(fptr == &subnetmod_clear) return 1; +#endif return 0; } @@ -396,12 +426,16 @@ fptr_whitelist_mod_get_mem(size_t (*fptr)(struct module_env* env, int id)) if(fptr == &iter_get_mem) return 1; else if(fptr == &val_get_mem) return 1; else if(fptr == &dns64_get_mem) return 1; + else if(fptr == &respip_get_mem) return 1; #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_get_mem) return 1; #endif #ifdef USE_CACHEDB else if(fptr == &cachedb_get_mem) return 1; #endif +#ifdef CLIENT_SUBNET + else if(fptr == &subnetmod_get_mem) return 1; +#endif return 0; } @@ -462,7 +496,37 @@ int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_type* fptr, return 0; } -int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* ATTR_UNUSED(fptr)) +int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* fptr) { +#ifdef CLIENT_SUBNET + if(fptr == &ecs_whitelist_check) + return 1; +#else + (void)fptr; +#endif + return 0; +} + +int fptr_whitelist_inplace_cb_edns_back_parsed( + inplace_cb_edns_back_parsed_func_type* fptr) +{ +#ifdef CLIENT_SUBNET + if(fptr == &ecs_edns_back_parsed) + return 1; +#else + (void)fptr; +#endif + return 0; +} + +int fptr_whitelist_inplace_cb_query_response( + inplace_cb_query_response_func_type* fptr) +{ +#ifdef CLIENT_SUBNET + if(fptr == &ecs_query_response) + return 1; +#else + (void)fptr; +#endif return 0; } diff --git a/util/fptr_wlist.h b/util/fptr_wlist.h index 5ab69f88758c..653f8f0e75d4 100644 --- a/util/fptr_wlist.h +++ b/util/fptr_wlist.h @@ -351,6 +351,22 @@ int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_type* fptr, */ int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* fptr); +/** + * Check function pointer whitelist for inplace_cb_edns_back_parsed func values. + * @param fptr: function pointer to check. + * @return false if not in whitelist. + */ +int fptr_whitelist_inplace_cb_edns_back_parsed( + inplace_cb_edns_back_parsed_func_type* fptr); + +/** + * Check function pointer whitelist for inplace_cb_query_response func values. + * @param fptr: function pointer to check. + * @return false if not in whitelist. + */ +int fptr_whitelist_inplace_cb_query_response( + inplace_cb_query_response_func_type* fptr); + /** Due to module breakage by fptr wlist, these test app declarations * are presented here */ /** diff --git a/util/iana_ports.inc b/util/iana_ports.inc index 5709a4976c19..2555b2591525 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -661,6 +661,7 @@ 847, 848, 853, +854, 860, 861, 862, @@ -3776,6 +3777,7 @@ 4188, 4191, 4192, +4197, 4199, 4300, 4301, @@ -4455,6 +4457,7 @@ 6446, 6455, 6456, +6464, 6471, 6480, 6481, @@ -4571,6 +4574,7 @@ 7013, 7014, 7015, +7016, 7019, 7020, 7021, @@ -4729,6 +4733,7 @@ 8002, 8003, 8005, +8006, 8008, 8019, 8020, diff --git a/util/module.c b/util/module.c index 91983b18274d..f4b715d141b1 100644 --- a/util/module.c +++ b/util/module.c @@ -123,121 +123,29 @@ edns_register_option(uint16_t opt_code, int bypass_cache_stage, return 1; } -static int -inplace_cb_reply_register_generic(inplace_cb_reply_func_type* cb, - enum inplace_cb_list_type type, void* cb_arg, struct module_env* env) -{ - struct inplace_cb_reply* callback; - struct inplace_cb_reply** prevp; - if(env->worker) { - log_err("invalid edns callback registration: " - "trying to register callback after module init phase"); - return 0; - } - - callback = (struct inplace_cb_reply*)calloc(1, sizeof(*callback)); - if(callback == NULL) { - log_err("out of memory during edns callback registration."); - return 0; - } - callback->next = NULL; - callback->cb = cb; - callback->cb_arg = cb_arg; - - prevp = (struct inplace_cb_reply**) &env->inplace_cb_lists[type]; - /* append at end of list */ - while(*prevp != NULL) - prevp = &((*prevp)->next); - *prevp = callback; - return 1; -} - -int -inplace_cb_reply_register(inplace_cb_reply_func_type* cb, void* cb_arg, - struct module_env* env) -{ - return inplace_cb_reply_register_generic(cb, inplace_cb_reply, cb_arg, - env); -} - -int -inplace_cb_reply_cache_register(inplace_cb_reply_func_type* cb, void* cb_arg, - struct module_env* env) -{ - return inplace_cb_reply_register_generic(cb, inplace_cb_reply_cache, - cb_arg, env); -} - int -inplace_cb_reply_local_register(inplace_cb_reply_func_type* cb, void* cb_arg, - struct module_env* env) +inplace_cb_register(void* cb, enum inplace_cb_list_type type, void* cbarg, + struct module_env* env, int id) { - return inplace_cb_reply_register_generic(cb, inplace_cb_reply_local, - cb_arg, env); -} - -int -inplace_cb_reply_servfail_register(inplace_cb_reply_func_type* cb, void* cb_arg, - struct module_env* env) -{ - return inplace_cb_reply_register_generic(cb, inplace_cb_reply_servfail, - cb_arg, env); -} - -static void -inplace_cb_reply_delete_generic(struct module_env* env, - enum inplace_cb_list_type type) -{ - struct inplace_cb_reply* curr = env->inplace_cb_lists[type]; - struct inplace_cb_reply* tmp; - /* delete list */ - while(curr) { - tmp = curr->next; - free(curr); - curr = tmp; - } - /* update head pointer */ - env->inplace_cb_lists[type] = NULL; -} - -void inplace_cb_reply_delete(struct module_env* env) -{ - inplace_cb_reply_delete_generic(env, inplace_cb_reply); -} - -void inplace_cb_reply_cache_delete(struct module_env* env) -{ - inplace_cb_reply_delete_generic(env, inplace_cb_reply_cache); -} - -void inplace_cb_reply_servfail_delete(struct module_env* env) -{ - inplace_cb_reply_delete_generic(env, inplace_cb_reply_servfail); -} - -int -inplace_cb_query_register(inplace_cb_query_func_type* cb, void* cb_arg, - struct module_env* env) -{ - struct inplace_cb_query* callback; - struct inplace_cb_query** prevp; + struct inplace_cb* callback; + struct inplace_cb** prevp; if(env->worker) { log_err("invalid edns callback registration: " "trying to register callback after module init phase"); return 0; } - callback = (struct inplace_cb_query*)calloc(1, sizeof(*callback)); + callback = (struct inplace_cb*)calloc(1, sizeof(*callback)); if(callback == NULL) { log_err("out of memory during edns callback registration."); return 0; } + callback->id = id; callback->next = NULL; callback->cb = cb; - callback->cb_arg = cb_arg; + callback->cb_arg = cbarg; - prevp = (struct inplace_cb_query**) - &env->inplace_cb_lists[inplace_cb_query]; + prevp = (struct inplace_cb**) &env->inplace_cb_lists[type]; /* append at end of list */ while(*prevp != NULL) prevp = &((*prevp)->next); @@ -246,27 +154,30 @@ inplace_cb_query_register(inplace_cb_query_func_type* cb, void* cb_arg, } void -inplace_cb_query_delete(struct module_env* env) -{ - struct inplace_cb_query* curr = env->inplace_cb_lists[inplace_cb_query]; - struct inplace_cb_query* tmp; - /* delete list */ - while(curr) { - tmp = curr->next; - free(curr); - curr = tmp; +inplace_cb_delete(struct module_env* env, enum inplace_cb_list_type type, + int id) +{ + struct inplace_cb* temp = env->inplace_cb_lists[type]; + struct inplace_cb* prev = NULL; + + while(temp) { + if(temp->id == id) { + if(!prev) { + env->inplace_cb_lists[type] = temp->next; + free(temp); + temp = env->inplace_cb_lists[type]; + } + else { + prev->next = temp->next; + free(temp); + temp = prev->next; + } + } + else { + prev = temp; + temp = temp->next; + } } - /* update head pointer */ - env->inplace_cb_lists[inplace_cb_query] = NULL; -} - -void -inplace_cb_lists_delete(struct module_env* env) -{ - inplace_cb_reply_delete(env); - inplace_cb_reply_cache_delete(env); - inplace_cb_reply_servfail_delete(env); - inplace_cb_query_delete(env); } struct edns_known_option* @@ -292,9 +203,11 @@ edns_bypass_cache_stage(struct edns_option* list, struct module_env* env) } int -edns_unique_mesh_state(struct edns_option* list, struct module_env* env) +unique_mesh_state(struct edns_option* list, struct module_env* env) { size_t i; + if(env->unique_mesh) + return 1; for(; list; list=list->next) for(i=0; i<env->edns_known_options_num; i++) if(env->edns_known_options[i].opt_code == list->opt_code && diff --git a/util/module.h b/util/module.h index d3db3eaec151..82b50ccd7d06 100644 --- a/util/module.h +++ b/util/module.h @@ -174,6 +174,9 @@ struct val_anchors; struct val_neg_cache; struct iter_forwards; struct iter_hints; +struct respip_set; +struct respip_client_info; +struct respip_addr_info; /** Maximum number of modules in operation */ #define MAX_MODULE 16 @@ -194,6 +197,11 @@ enum inplace_cb_list_type { inplace_cb_reply_servfail, /* Inplace callbacks for when a query is ready to be sent to the back.*/ inplace_cb_query, + /* Inplace callback for when a reply is received from the back. */ + inplace_cb_query_response, + /* Inplace callback for when EDNS is parsed on a reply received from the + * back. */ + inplace_cb_edns_back_parsed, /* Total number of types. Used for array initialization. * Should always be last. */ inplace_cb_types_total @@ -211,6 +219,19 @@ struct edns_known_option { }; /** + * Inplace callback list of registered routines to be called. + */ +struct inplace_cb { + /** next in list */ + struct inplace_cb* next; + /** Inplace callback routine */ + void* cb; + void* cb_arg; + /** module id */ + int id; +}; + +/** * Inplace callback function called before replying. * Called as func(edns, qstate, opt_list_out, qinfo, reply_info, rcode, * region, python_callback) @@ -229,24 +250,7 @@ struct edns_known_option { typedef int inplace_cb_reply_func_type(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct regional* region, void* python_callback); - -/** - * Inplace callback list of registered routines to be called before replying - * with a resolved query. - */ -struct inplace_cb_reply { - /** next in list */ - struct inplace_cb_reply* next; - /** - * Inplace callback routine for cache stage response. - * called as cb(qinfo, qstate, qinfo, reply_info, rcode, edns, - * opt_list_out, region, python_callback); - * python_callback is only used for registering a python callback function. - */ - inplace_cb_reply_func_type* cb; - void* cb_arg; -}; + struct regional* region, int id, void* callback); /** * Inplace callback function called before sending the query to a nameserver. @@ -268,24 +272,30 @@ struct inplace_cb_reply { typedef int inplace_cb_query_func_type(struct query_info* qinfo, uint16_t flags, struct module_qstate* qstate, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, size_t zonelen, struct regional* region, - void* python_callback); + int id, void* callback); /** - * Inplace callback list of registered routines to be called before quering a - * nameserver. + * Inplace callback function called after parsing edns on query reply. + * Called as func(qstate, cb_args) + * Where: + * qstate: the query state + * id: module id + * cb_args: argument passed when registering callback. */ -struct inplace_cb_query { - /** next in list */ - struct inplace_cb_query* next; - /** - * Inplace callback routine for cache stage response. - * called as cb(qinfo, flags, qstate, addr, addrlen, zone, zonelen, - * region, python_callback); - * python_callback is only used for registering a python callback function. - */ - inplace_cb_query_func_type* cb; - void* cb_arg; -}; +typedef int inplace_cb_edns_back_parsed_func_type(struct module_qstate* qstate, + int id, void* cb_args); + +/** + * Inplace callback function called after parsing query response. + * Called as func(qstate, id, cb_args) + * Where: + * qstate: the query state + * response: query response + * id: module id + * cb_args: argument passed when registering callback. + */ +typedef int inplace_cb_query_response_func_type(struct module_qstate* qstate, + struct dns_msg* response, int id, void* cb_args); /** * Module environment. @@ -442,7 +452,7 @@ struct module_env { void* modinfo[MAX_MODULE]; /* Shared linked list of inplace callback functions */ - void* inplace_cb_lists[inplace_cb_types_total]; + struct inplace_cb* inplace_cb_lists[inplace_cb_types_total]; /** * Shared array of known edns options (size MAX_KNOWN_EDNS_OPTS). @@ -451,6 +461,9 @@ struct module_env { struct edns_known_option* edns_known_options; /* Number of known edns options */ size_t edns_known_options_num; + + /* Make every mesh state unique, do not aggregate mesh states. */ + int unique_mesh; }; /** @@ -508,6 +521,8 @@ struct sock_list { struct sockaddr_storage addr; }; +struct respip_action_info; + /** * Module state, per query. */ @@ -562,6 +577,19 @@ struct module_qstate { int no_cache_lookup; /** whether modules should store answer in the cache */ int no_cache_store; + + /** + * Attributes of clients that share the qstate that may affect IP-based + * actions. + */ + struct respip_client_info* client_info; + + /** Extended result of response-ip action processing, mainly + * for logging purposes. */ + struct respip_action_info* respip_action_info; + + /** whether the reply should be dropped */ + int is_drop; }; /** @@ -680,85 +708,28 @@ int edns_register_option(uint16_t opt_code, int bypass_cache_stage, int no_aggregation, struct module_env* env); /** - * Register an inplace callback function called before replying with a resolved - * query. + * Register an inplace callback function. * @param cb: pointer to the callback function. - * @param cb_arg: optional argument for the callback function. + * @param type: inplace callback type. + * @param cbarg: argument for the callback function, or NULL. * @param env: the module environment. + * @param id: module id. * @return true on success, false on failure (out of memory or trying to * register after the environment is copied to the threads.) */ -int inplace_cb_reply_register(inplace_cb_reply_func_type* cb, void* cb_arg, - struct module_env* env); - -/** - * Register an inplace callback function called before replying from the cache. - * @param cb: pointer to the callback function. - * @param cb_arg: optional argument for the callback function. - * @param env: the module environment. - * @return true on success, false on failure (out of memory or trying to - * register after the environment is copied to the threads.) - */ -int inplace_cb_reply_cache_register(inplace_cb_reply_func_type* cb, void* cb_arg, - struct module_env* env); - -/** - * Register an inplace callback function called before replying with local - * data or Chaos reply. - * @param cb: pointer to the callback function. - * @param cb_arg: optional argument for the callback function. - * @param env: the module environment. - * @return true on success, false on failure (out of memory or trying to - * register after the environment is copied to the threads.) - */ -int inplace_cb_reply_local_register(inplace_cb_reply_func_type* cb, void* cb_arg, - struct module_env* env); - -/** - * Register an inplace callback function called before replying with servfail. - * @param cb: pointer to the callback function. - * @param cb_arg: optional argument for the callback function. - * @param env: the module environment. - * @return true on success, false on failure (out of memory or trying to - * register after the environment is copied to the threads.) - */ -int inplace_cb_reply_servfail_register(inplace_cb_reply_func_type* cb, - void* cb_arg, struct module_env* env); - -/** - * Delete the inplace_cb_reply callback linked list. - * @param env: the module environment. - */ -void inplace_cb_reply_delete(struct module_env* env); - -/** - * Delete the inplace_cb_reply_cache callback linked list. - * @param env: the module environment. - */ -void inplace_cb_reply_cache_delete(struct module_env* env); - -/** - * Delete the inplace_cb_reply_servfail callback linked list. - * @param env: the module environment. - */ -void inplace_cb_reply_servfail_delete(struct module_env* env); - -/** - * Register an inplace callback function called before quering a nameserver. - * @param cb: pointer to the callback function. - * @param cb_arg: optional argument for the callback function. - * @param env: the module environment. - * @return true on success, false on failure (out of memory or trying to - * register after the environment is copied to the threads.) - */ -int inplace_cb_query_register(inplace_cb_query_func_type* cb, void* cb_arg, - struct module_env* env); +int +inplace_cb_register(void* cb, enum inplace_cb_list_type type, void* cbarg, + struct module_env* env, int id); /** - * Delete the inplace_cb_query callback linked list. + * Delete callback for specified type and module id. * @param env: the module environment. + * @param type: inplace callback type. + * @param id: module id. */ -void inplace_cb_query_delete(struct module_env* env); +void +inplace_cb_delete(struct module_env* env, enum inplace_cb_list_type type, + int id); /** * Delete all the inplace callback linked lists. @@ -787,13 +758,14 @@ int edns_bypass_cache_stage(struct edns_option* list, struct module_env* env); /** - * Check if an edns option needs a unique mesh state. + * Check if an unique mesh state is required. Might be triggered by EDNS option + * or set for the complete env. * @param list: the edns options. * @param env: the module environment. * @return true if an edns option needs a unique mesh state, * false otherwise. */ -int edns_unique_mesh_state(struct edns_option* list, struct module_env* env); +int unique_mesh_state(struct edns_option* list, struct module_env* env); /** * Log the known edns options. diff --git a/util/netevent.c b/util/netevent.c index 8e66b9045fa1..2084cea3ec01 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -47,6 +47,7 @@ #include "sldns/pkthdr.h" #include "sldns/sbuffer.h" #include "dnstap/dnstap.h" +#include "dnscrypt/dnscrypt.h" #ifdef HAVE_OPENSSL_SSL_H #include <openssl/ssl.h> #endif @@ -665,6 +666,7 @@ comm_point_udp_callback(int fd, short event, void* arg) struct comm_reply rep; ssize_t rcv; int i; + struct sldns_buffer *buffer; rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); @@ -701,7 +703,12 @@ comm_point_udp_callback(int fd, short event, void* arg) fptr_ok(fptr_whitelist_comm_point(rep.c->callback)); if((*rep.c->callback)(rep.c, rep.c->cb_arg, NETEVENT_NOERROR, &rep)) { /* send back immediate reply */ - (void)comm_point_send_udp_msg(rep.c, rep.c->buffer, +#ifdef USE_DNSCRYPT + buffer = rep.c->dnscrypt_buffer; +#else + buffer = rep.c->buffer; +#endif + (void)comm_point_send_udp_msg(rep.c, buffer, (struct sockaddr*)&rep.addr, rep.addrlen); } if(rep.c->fd != fd) /* commpoint closed to -1 or reused for @@ -717,6 +724,10 @@ setup_tcp_handler(struct comm_point* c, int fd, int cur, int max) log_assert(c->type == comm_tcp); log_assert(c->fd == -1); sldns_buffer_clear(c->buffer); +#ifdef USE_DNSCRYPT + if (c->dnscrypt) + sldns_buffer_clear(c->dnscrypt_buffer); +#endif c->tcp_is_reading = 1; c->tcp_byte_count = 0; c->tcp_timeout_msec = TCP_QUERY_TIMEOUT; @@ -1310,7 +1321,13 @@ static int comm_point_tcp_handle_write(int fd, struct comm_point* c) { ssize_t r; + struct sldns_buffer *buffer; log_assert(c->type == comm_tcp); +#ifdef USE_DNSCRYPT + buffer = c->dnscrypt_buffer; +#else + buffer = c->buffer; +#endif if(c->tcp_is_reading && !c->ssl) return 0; log_assert(fd != -1); @@ -1364,15 +1381,15 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) if(c->tcp_do_fastopen == 1) { /* this form of sendmsg() does both a connect() and send() so need to look for various flavours of error*/ - uint16_t len = htons(sldns_buffer_limit(c->buffer)); + uint16_t len = htons(sldns_buffer_limit(buffer)); struct msghdr msg; struct iovec iov[2]; c->tcp_do_fastopen = 0; memset(&msg, 0, sizeof(msg)); iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; - iov[1].iov_base = sldns_buffer_begin(c->buffer); - iov[1].iov_len = sldns_buffer_limit(c->buffer); + iov[1].iov_base = sldns_buffer_begin(buffer); + iov[1].iov_len = sldns_buffer_limit(buffer); log_assert(iov[0].iov_len > 0); log_assert(iov[1].iov_len > 0); msg.msg_name = &c->repinfo.addr; @@ -1400,9 +1417,9 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) c->tcp_byte_count += r; if(c->tcp_byte_count < sizeof(uint16_t)) return 1; - sldns_buffer_set_position(c->buffer, c->tcp_byte_count - + sldns_buffer_set_position(buffer, c->tcp_byte_count - sizeof(uint16_t)); - if(sldns_buffer_remaining(c->buffer) == 0) { + if(sldns_buffer_remaining(buffer) == 0) { tcp_callback_writer(c); return 1; } @@ -1411,13 +1428,13 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) #endif /* USE_MSG_FASTOPEN */ if(c->tcp_byte_count < sizeof(uint16_t)) { - uint16_t len = htons(sldns_buffer_limit(c->buffer)); + uint16_t len = htons(sldns_buffer_limit(buffer)); #ifdef HAVE_WRITEV struct iovec iov[2]; iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; - iov[1].iov_base = sldns_buffer_begin(c->buffer); - iov[1].iov_len = sldns_buffer_limit(c->buffer); + iov[1].iov_base = sldns_buffer_begin(buffer); + iov[1].iov_len = sldns_buffer_limit(buffer); log_assert(iov[0].iov_len > 0); log_assert(iov[1].iov_len > 0); r = writev(fd, iov, 2); @@ -1459,16 +1476,16 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) c->tcp_byte_count += r; if(c->tcp_byte_count < sizeof(uint16_t)) return 1; - sldns_buffer_set_position(c->buffer, c->tcp_byte_count - + sldns_buffer_set_position(buffer, c->tcp_byte_count - sizeof(uint16_t)); - if(sldns_buffer_remaining(c->buffer) == 0) { + if(sldns_buffer_remaining(buffer) == 0) { tcp_callback_writer(c); return 1; } } - log_assert(sldns_buffer_remaining(c->buffer) > 0); - r = send(fd, (void*)sldns_buffer_current(c->buffer), - sldns_buffer_remaining(c->buffer), 0); + log_assert(sldns_buffer_remaining(buffer) > 0); + r = send(fd, (void*)sldns_buffer_current(buffer), + sldns_buffer_remaining(buffer), 0); if(r == -1) { #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) @@ -1487,9 +1504,9 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) #endif return 0; } - sldns_buffer_skip(c->buffer, r); + sldns_buffer_skip(buffer, r); - if(sldns_buffer_remaining(c->buffer) == 0) { + if(sldns_buffer_remaining(buffer) == 0) { tcp_callback_writer(c); } @@ -1503,6 +1520,20 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg) log_assert(c->type == comm_tcp); ub_comm_base_now(c->ev->base); +#ifdef USE_DNSCRYPT + /* Initialize if this is a dnscrypt socket */ + if(c->tcp_parent) { + c->dnscrypt = c->tcp_parent->dnscrypt; + } + if(c->dnscrypt && c->dnscrypt_buffer == c->buffer) { + c->dnscrypt_buffer = sldns_buffer_new(sldns_buffer_capacity(c->buffer)); + if(!c->dnscrypt_buffer) { + log_err("Could not allocate dnscrypt buffer"); + return; + } + } +#endif + if(event&UB_EV_READ) { if(!comm_point_tcp_handle_read(fd, c, 0)) { reclaim_tcp_handler(c); @@ -1605,6 +1636,10 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, #ifdef USE_MSG_FASTOPEN c->tcp_do_fastopen = 0; #endif +#ifdef USE_DNSCRYPT + c->dnscrypt = 0; + c->dnscrypt_buffer = buffer; +#endif c->inuse = 0; c->callback = callback; c->cb_arg = callback_arg; @@ -1655,6 +1690,10 @@ comm_point_create_udp_ancil(struct comm_base *base, int fd, c->type = comm_udp; c->tcp_do_close = 0; c->do_not_close = 0; +#ifdef USE_DNSCRYPT + c->dnscrypt = 0; + c->dnscrypt_buffer = buffer; +#endif c->inuse = 0; c->tcp_do_toggle_rw = 0; c->tcp_check_nb_connect = 0; @@ -1726,6 +1765,12 @@ comm_point_create_tcp_handler(struct comm_base *base, #ifdef USE_MSG_FASTOPEN c->tcp_do_fastopen = 0; #endif +#ifdef USE_DNSCRYPT + c->dnscrypt = 0; + // We don't know just yet if this is a dnscrypt channel. Allocation + // will be done when handling the callback. + c->dnscrypt_buffer = c->buffer; +#endif c->repinfo.c = c; c->callback = callback; c->cb_arg = callback_arg; @@ -1789,6 +1834,10 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, size_t bufsize, #ifdef USE_MSG_FASTOPEN c->tcp_do_fastopen = 0; #endif +#ifdef USE_DNSCRYPT + c->dnscrypt = 0; + c->dnscrypt_buffer = NULL; +#endif c->callback = NULL; c->cb_arg = NULL; evbits = UB_EV_READ | UB_EV_PERSIST; @@ -1857,6 +1906,10 @@ comm_point_create_tcp_out(struct comm_base *base, size_t bufsize, #ifdef USE_MSG_FASTOPEN c->tcp_do_fastopen = 1; #endif +#ifdef USE_DNSCRYPT + c->dnscrypt = 0; + c->dnscrypt_buffer = c->buffer; +#endif c->repinfo.c = c; c->callback = callback; c->cb_arg = callback_arg; @@ -1914,6 +1967,10 @@ comm_point_create_local(struct comm_base *base, int fd, size_t bufsize, #ifdef USE_MSG_FASTOPEN c->tcp_do_fastopen = 0; #endif +#ifdef USE_DNSCRYPT + c->dnscrypt = 0; + c->dnscrypt_buffer = c->buffer; +#endif c->callback = callback; c->cb_arg = callback_arg; /* ub_event stuff */ @@ -1970,6 +2027,10 @@ comm_point_create_raw(struct comm_base* base, int fd, int writing, #ifdef USE_MSG_FASTOPEN c->tcp_do_fastopen = 0; #endif +#ifdef USE_DNSCRYPT + c->dnscrypt = 0; + c->dnscrypt_buffer = c->buffer; +#endif c->callback = callback; c->cb_arg = callback_arg; /* ub_event stuff */ @@ -2034,8 +2095,14 @@ comm_point_delete(struct comm_point* c) free(c->tcp_handlers); } free(c->timeout); - if(c->type == comm_tcp || c->type == comm_local) + if(c->type == comm_tcp || c->type == comm_local) { sldns_buffer_free(c->buffer); +#ifdef USE_DNSCRYPT + if(c->dnscrypt && c->dnscrypt_buffer != c->buffer) { + sldns_buffer_free(c->dnscrypt_buffer); + } +#endif + } ub_event_free(c->ev->ev); free(c->ev); free(c); @@ -2044,14 +2111,23 @@ comm_point_delete(struct comm_point* c) void comm_point_send_reply(struct comm_reply *repinfo) { + struct sldns_buffer* buffer; log_assert(repinfo && repinfo->c); +#ifdef USE_DNSCRYPT + buffer = repinfo->c->dnscrypt_buffer; + if(!dnsc_handle_uncurved_request(repinfo)) { + return; + } +#else + buffer = repinfo->c->buffer; +#endif if(repinfo->c->type == comm_udp) { if(repinfo->srctype) comm_point_send_udp_msg_if(repinfo->c, - repinfo->c->buffer, (struct sockaddr*)&repinfo->addr, + buffer, (struct sockaddr*)&repinfo->addr, repinfo->addrlen, repinfo); else - comm_point_send_udp_msg(repinfo->c, repinfo->c->buffer, + comm_point_send_udp_msg(repinfo->c, buffer, (struct sockaddr*)&repinfo->addr, repinfo->addrlen); #ifdef USE_DNSTAP if(repinfo->c->dtenv != NULL && @@ -2160,8 +2236,15 @@ size_t comm_point_get_mem(struct comm_point* c) s = sizeof(*c) + sizeof(*c->ev); if(c->timeout) s += sizeof(*c->timeout); - if(c->type == comm_tcp || c->type == comm_local) + if(c->type == comm_tcp || c->type == comm_local) { s += sizeof(*c->buffer) + sldns_buffer_capacity(c->buffer); +#ifdef USE_DNSCRYPT + s += sizeof(*c->dnscrypt_buffer); + if(c->buffer != c->dnscrypt_buffer) { + s += sldns_buffer_capacity(c->dnscrypt_buffer); + } +#endif + } if(c->type == comm_tcp_accept) { int i; for(i=0; i<c->max_tcp_count; i++) diff --git a/util/netevent.h b/util/netevent.h index 2ce716b850e9..cb8eb86b9f74 100644 --- a/util/netevent.h +++ b/util/netevent.h @@ -60,6 +60,8 @@ #ifndef NET_EVENT_H #define NET_EVENT_H +#include "dnscrypt/dnscrypt.h" + struct sldns_buffer; struct comm_point; struct comm_reply; @@ -114,6 +116,13 @@ struct comm_reply { socklen_t addrlen; /** return type 0 (none), 4(IP4), 6(IP6) */ int srctype; + /* DnsCrypt context */ +#ifdef USE_DNSCRYPT + uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; + uint8_t nmkey[crypto_box_BEFORENMBYTES]; + const KeyPair *keypair; + int is_dnscrypted; +#endif /** the return source interface data */ union { #ifdef IPV6_PKTINFO @@ -127,6 +136,8 @@ struct comm_reply { } /** variable with return source data */ pktinfo; + /** max udp size for udp packets */ + size_t max_udp_size; }; /** @@ -236,6 +247,12 @@ struct comm_point { int tcp_do_fastopen; #endif +#ifdef USE_DNSCRYPT + /** Is this a dnscrypt channel */ + int dnscrypt; + /** encrypted buffer pointer. Either to perthread, or own buffer or NULL */ + struct sldns_buffer* dnscrypt_buffer; +#endif /** number of queries outstanding on this socket, used by * outside network for udp ports */ int inuse; diff --git a/util/shm_side/shm_main.c b/util/shm_side/shm_main.c new file mode 100644 index 000000000000..cab9aed560bd --- /dev/null +++ b/util/shm_side/shm_main.c @@ -0,0 +1,286 @@ +/* + * util/shm_side/shm_main.c - SHM for statistics transport + * + * Copyright (c) 2017, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains functions for the SHM implementation. + */ + +#include "config.h" +#include <ctype.h> +#include <stdarg.h> +#ifdef HAVE_SYS_IPC_H +#include <sys/ipc.h> +#endif +#ifdef HAVE_SYS_SHM_H +#include <sys/shm.h> +#endif +#include <sys/time.h> +#include <errno.h> +#include "shm_main.h" +#include "daemon/daemon.h" +#include "daemon/worker.h" +#include "daemon/stats.h" +#include "services/mesh.h" +#include "services/cache/rrset.h" +#include "services/cache/infra.h" +#include "validator/validator.h" +#include "util/config_file.h" +#include "util/fptr_wlist.h" +#include "util/log.h" + +#ifdef HAVE_SHMGET +/** subtract timers and the values do not overflow or become negative */ +static void +timeval_subtract(struct timeval* d, const struct timeval* end, + const struct timeval* start) +{ +#ifndef S_SPLINT_S + time_t end_usec = end->tv_usec; + d->tv_sec = end->tv_sec - start->tv_sec; + if(end_usec < start->tv_usec) { + end_usec += 1000000; + d->tv_sec--; + } + d->tv_usec = end_usec - start->tv_usec; +#endif +} +#endif /* HAVE_SHMGET */ + +int shm_main_init(struct daemon* daemon) +{ +#ifdef HAVE_SHMGET + struct shm_stat_info *shm_stat; + size_t shm_size; + + /* sanitize */ + if(!daemon) + return 0; + if(!daemon->cfg->shm_enable) + return 1; + if(daemon->cfg->stat_interval == 0) + log_warn("shm-enable is yes but statistics-interval is 0"); + + /* Statistics to maintain the number of thread + total */ + shm_size = (sizeof(struct stats_info) * (daemon->num + 1)); + + /* Allocation of needed memory */ + daemon->shm_info = (struct shm_main_info*)calloc(1, shm_size); + + /* Sanitize */ + if(!daemon->shm_info) { + log_err("shm fail: malloc failure"); + return 0; + } + + daemon->shm_info->key = daemon->cfg->shm_key; + + /* Check for previous create SHM */ + daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(int), SHM_R); + daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, sizeof(int), SHM_R); + + /* Destroy previous SHM */ + if (daemon->shm_info->id_ctl >= 0) + shmctl(daemon->shm_info->id_ctl, IPC_RMID, NULL); + + /* Destroy previous SHM */ + if (daemon->shm_info->id_arr >= 0) + shmctl(daemon->shm_info->id_arr, IPC_RMID, NULL); + + /* SHM: Create the segment */ + daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct shm_stat_info), IPC_CREAT | 0666); + + if (daemon->shm_info->id_ctl < 0) + { + log_err("SHM failed(id_ctl) cannot shmget(key %d) %s", + daemon->shm_info->key, strerror(errno)); + + /* Just release memory unused */ + free(daemon->shm_info); + + return 0; + } + + daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0666); + + if (daemon->shm_info->id_arr < 0) + { + log_err("SHM failed(id_arr) cannot shmget(key %d + 1) %s", + daemon->shm_info->key, strerror(errno)); + + /* Just release memory unused */ + free(daemon->shm_info); + + return 0; + } + + /* SHM: attach the segment */ + daemon->shm_info->ptr_ctl = (struct shm_stat_info*) + shmat(daemon->shm_info->id_ctl, NULL, 0); + if(daemon->shm_info->ptr_ctl == (void *) -1) { + log_err("SHM failed(ctl) cannot shmat(%d) %s", + daemon->shm_info->id_ctl, strerror(errno)); + + /* Just release memory unused */ + free(daemon->shm_info); + + return 0; + } + + daemon->shm_info->ptr_arr = (struct stats_info*) + shmat(daemon->shm_info->id_arr, NULL, 0); + + if (daemon->shm_info->ptr_arr == (void *) -1) + { + log_err("SHM failed(arr) cannot shmat(%d) %s", + daemon->shm_info->id_arr, strerror(errno)); + + /* Just release memory unused */ + free(daemon->shm_info); + + return 0; + } + + /* Zero fill SHM to stand clean while is not filled by other events */ + memset(daemon->shm_info->ptr_ctl, 0, sizeof(struct shm_stat_info)); + memset(daemon->shm_info->ptr_arr, 0, shm_size); + + shm_stat = daemon->shm_info->ptr_ctl; + shm_stat->num_threads = daemon->num; + +#else + (void)daemon; +#endif /* HAVE_SHMGET */ + return 1; +} + +void shm_main_shutdown(struct daemon* daemon) +{ +#ifdef HAVE_SHMGET + /* web are OK, just disabled */ + if(!daemon->cfg->shm_enable) + return; + + verbose(VERB_DETAIL, "SHM shutdown - KEY [%d] - ID CTL [%d] ARR [%d] - PTR CTL [%p] ARR [%p]", + daemon->shm_info->key, daemon->shm_info->id_ctl, daemon->shm_info->id_arr, daemon->shm_info->ptr_ctl, daemon->shm_info->ptr_arr); + + /* Destroy previous SHM */ + if (daemon->shm_info->id_ctl >= 0) + shmctl(daemon->shm_info->id_ctl, IPC_RMID, NULL); + + if (daemon->shm_info->id_arr >= 0) + shmctl(daemon->shm_info->id_arr, IPC_RMID, NULL); + + if (daemon->shm_info->ptr_ctl) + shmdt(daemon->shm_info->ptr_ctl); + + if (daemon->shm_info->ptr_arr) + shmdt(daemon->shm_info->ptr_arr); + +#else + (void)daemon; +#endif /* HAVE_SHMGET */ +} + +void shm_main_run(struct worker *worker) +{ +#ifdef HAVE_SHMGET + struct shm_stat_info *shm_stat; + struct stats_info *stat_total; + struct stats_info *stat_info; + int modstack; + int offset; + + verbose(VERB_DETAIL, "SHM run - worker [%d] - daemon [%p] - timenow(%u) - timeboot(%u)", + worker->thread_num, worker->daemon, (unsigned)worker->env.now_tv->tv_sec, (unsigned)worker->daemon->time_boot.tv_sec); + + offset = worker->thread_num + 1; + stat_total = worker->daemon->shm_info->ptr_arr; + stat_info = worker->daemon->shm_info->ptr_arr + offset; + + /* Copy data to the current position */ + server_stats_compile(worker, stat_info, 0); + + /* First thread, zero fill total, and copy general info */ + if (worker->thread_num == 0) { + + /* Copy data to the current position */ + memset(stat_total, 0, sizeof(struct stats_info)); + + /* Point to data into SHM */ + shm_stat = worker->daemon->shm_info->ptr_ctl; + shm_stat->time.now = *worker->env.now_tv; + + timeval_subtract(&shm_stat->time.up, &shm_stat->time.now, &worker->daemon->time_boot); + timeval_subtract(&shm_stat->time.elapsed, &shm_stat->time.now, &worker->daemon->time_last_stat); + + shm_stat->mem.msg = slabhash_get_mem(worker->env.msg_cache); + shm_stat->mem.rrset = slabhash_get_mem(&worker->env.rrset_cache->table); + shm_stat->mem.val = 0; + shm_stat->mem.iter = 0; + + modstack = modstack_find(&worker->env.mesh->mods, "validator"); + if(modstack != -1) { + fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->mods.mod[modstack]->get_mem)); + shm_stat->mem.val = (*worker->env.mesh->mods.mod[modstack]->get_mem)(&worker->env, modstack); + } + modstack = modstack_find(&worker->env.mesh->mods, "iterator"); + if(modstack != -1) { + fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->mods.mod[modstack]->get_mem)); + shm_stat->mem.iter = (*worker->env.mesh->mods.mod[modstack]->get_mem)(&worker->env, modstack); + } + /* subnet mem value is available in shm, also when not enabled, + * to make the struct easier to memmap by other applications, + * independent of the configuration of unbound */ + shm_stat->mem.subnet = 0; +#ifdef CLIENT_SUBNET + modstack = modstack_find(&worker->env.mesh->mods, "subnet"); + if(modstack != -1) { + fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->mods.mod[modstack]->get_mem)); + shm_stat->mem.subnet = (*worker->env.mesh->mods.mod[modstack]->get_mem)(&worker->env, modstack); + } +#endif + } + + server_stats_add(stat_total, stat_info); + + /* print the thread statistics */ + stat_total->mesh_time_median /= (double)worker->daemon->num; + +#else + (void)worker; +#endif /* HAVE_SHMGET */ +} diff --git a/util/shm_side/shm_main.h b/util/shm_side/shm_main.h new file mode 100644 index 000000000000..8e4f4d051026 --- /dev/null +++ b/util/shm_side/shm_main.h @@ -0,0 +1,86 @@ +/* + * util/shm_side/shm_main.h - control the shared memory for unbound. + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains functions for the SHM side. + */ + +#ifndef UTIL_SHM_SIDE_MAIN_H +#define UTIL_SHM_SIDE_MAIN_H +struct daemon; +struct worker; + +/** Some global statistics that are not in struct stats_info, + * this struct is shared on a shm segment */ +struct shm_stat_info { + + int num_threads; + + struct { + struct timeval now; + struct timeval up; + struct timeval elapsed; + } time; + + struct { + size_t msg; + size_t rrset; + size_t val; + size_t iter; + size_t subnet; + } mem; +}; + +/** + * The SHM info. + */ +struct shm_main_info { + /** stats_info array, shared memory segment. + * [0] is totals, [1..thread_num] are per-thread stats */ + struct stats_info* ptr_arr; + /** the global stats block, shared memory segment */ + struct shm_stat_info* ptr_ctl; + int key; + int id_ctl; + int id_arr; +}; + +int shm_main_init(struct daemon* daemon); +void shm_main_shutdown(struct daemon* daemon); +void shm_main_run(struct worker *worker); + +#endif /* UTIL_SHM_SIDE_MAIN_H */ diff --git a/util/storage/lruhash.c b/util/storage/lruhash.c index 97e99960562d..0003ff491e46 100644 --- a/util/storage/lruhash.c +++ b/util/storage/lruhash.c @@ -543,3 +543,89 @@ lruhash_traverse(struct lruhash* h, int wr, } lock_quick_unlock(&h->lock); } + +/* + * Demote: the opposite of touch, move an entry to the bottom + * of the LRU pile. + */ + +void +lru_demote(struct lruhash* table, struct lruhash_entry* entry) +{ + log_assert(table && entry); + if (entry == table->lru_end) + return; /* nothing to do */ + /* remove from current lru position */ + lru_remove(table, entry); + /* add at end */ + entry->lru_next = NULL; + entry->lru_prev = table->lru_end; + + if (table->lru_end == NULL) + { + table->lru_start = entry; + } + else + { + table->lru_end->lru_next = entry; + } + table->lru_end = entry; +} + +struct lruhash_entry* +lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash, + struct lruhash_entry* entry, void* data, void* cb_arg) +{ + struct lruhash_bin* bin; + struct lruhash_entry* found, *reclaimlist = NULL; + size_t need_size; + fptr_ok(fptr_whitelist_hash_sizefunc(table->sizefunc)); + fptr_ok(fptr_whitelist_hash_delkeyfunc(table->delkeyfunc)); + fptr_ok(fptr_whitelist_hash_deldatafunc(table->deldatafunc)); + fptr_ok(fptr_whitelist_hash_compfunc(table->compfunc)); + fptr_ok(fptr_whitelist_hash_markdelfunc(table->markdelfunc)); + need_size = table->sizefunc(entry->key, data); + if (cb_arg == NULL) cb_arg = table->cb_arg; + + /* find bin */ + lock_quick_lock(&table->lock); + bin = &table->array[hash & table->size_mask]; + lock_quick_lock(&bin->lock); + + /* see if entry exists already */ + if ((found = bin_find_entry(table, bin, hash, entry->key)) != NULL) { + /* if so: keep the existing data - acquire a writelock */ + lock_rw_wrlock(&found->lock); + } + else + { + /* if not: add to bin */ + entry->overflow_next = bin->overflow_list; + bin->overflow_list = entry; + lru_front(table, entry); + table->num++; + table->space_used += need_size; + /* return the entry that was presented, and lock it */ + found = entry; + lock_rw_wrlock(&found->lock); + } + lock_quick_unlock(&bin->lock); + if (table->space_used > table->space_max) + reclaim_space(table, &reclaimlist); + if (table->num >= table->size) + table_grow(table); + lock_quick_unlock(&table->lock); + + /* finish reclaim if any (outside of critical region) */ + while (reclaimlist) { + struct lruhash_entry* n = reclaimlist->overflow_next; + void* d = reclaimlist->data; + (*table->delkeyfunc)(reclaimlist->key, cb_arg); + (*table->deldatafunc)(d, cb_arg); + reclaimlist = n; + } + + /* return the entry that was selected */ + return found; +} + diff --git a/util/storage/lruhash.h b/util/storage/lruhash.h index c39374082328..4759b5001231 100644 --- a/util/storage/lruhash.h +++ b/util/storage/lruhash.h @@ -301,6 +301,38 @@ void lru_touch(struct lruhash* table, struct lruhash_entry* entry); */ void lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_type md); +/************************* getdns functions ************************/ +/*** these are used by getdns only and not by unbound. ***/ + +/** + * Demote entry, so it becomes the least recently used in the LRU list. + * Caller must hold hash table lock. The entry must be inserted already. + * @param table: hash table. + * @param entry: entry to make last in LRU. + */ +void lru_demote(struct lruhash* table, struct lruhash_entry* entry); + +/** + * Insert a new element into the hashtable, or retrieve the corresponding + * element of it exits. + * + * If key is already present data pointer in that entry is kept. + * If it is not present, a new entry is created. In that case, + * the space calculation function is called with the key, data. + * If necessary the least recently used entries are deleted to make space. + * If necessary the hash array is grown up. + * + * @param table: hash table. + * @param hash: hash value. User calculates the hash. + * @param entry: identifies the entry. + * @param data: the data. + * @param cb_arg: if not null overrides the cb_arg for the deletefunc. + * @return: pointer to the existing entry if the key was already present, + * or to the entry argument if it was not. + */ +struct lruhash_entry* lruhash_insert_or_retrieve(struct lruhash* table, hashvalue_type hash, + struct lruhash_entry* entry, void* data, void* cb_arg); + /************************* Internal functions ************************/ /*** these are only exposed for unit tests. ***/ diff --git a/validator/val_anchor.c b/validator/val_anchor.c index 2a7e0beeb6c5..6c6322447d6d 100644 --- a/validator/val_anchor.c +++ b/validator/val_anchor.c @@ -1273,3 +1273,39 @@ anchors_delete_insecure(struct val_anchors* anchors, uint16_t c, anchors_delfunc(&ta->node, NULL); } +/** compare two keytags, return -1, 0 or 1 */ +static int +keytag_compare(const void* x, const void* y) +{ + if(*(uint16_t*)x == *(uint16_t*)y) + return 0; + if(*(uint16_t*)x > *(uint16_t*)y) + return 1; + return -1; +} + +size_t +anchor_list_keytags(struct trust_anchor* ta, uint16_t* list, size_t num) +{ + size_t i, ret = 0; + if(ta->numDS == 0 && ta->numDNSKEY == 0) + return 0; /* insecure point */ + if(ta->numDS != 0 && ta->ds_rrset) { + struct packed_rrset_data* d=(struct packed_rrset_data*) + ta->ds_rrset->entry.data; + for(i=0; i<d->count; i++) { + if(ret == num) continue; + list[ret++] = ds_get_keytag(ta->ds_rrset, i); + } + } + if(ta->numDNSKEY != 0 && ta->dnskey_rrset) { + struct packed_rrset_data* d=(struct packed_rrset_data*) + ta->dnskey_rrset->entry.data; + for(i=0; i<d->count; i++) { + if(ret == num) continue; + list[ret++] = dnskey_calc_keytag(ta->dnskey_rrset, i); + } + } + qsort(list, ret, sizeof(*list), keytag_compare); + return ret; +} diff --git a/validator/val_anchor.h b/validator/val_anchor.h index 226165514c5a..318a2b227cc7 100644 --- a/validator/val_anchor.h +++ b/validator/val_anchor.h @@ -216,4 +216,15 @@ int anchors_add_insecure(struct val_anchors* anchors, uint16_t c, uint8_t* nm); void anchors_delete_insecure(struct val_anchors* anchors, uint16_t c, uint8_t* nm); +/** + * Get a list of keytags for the trust anchor. Zero tags for insecure points. + * @param ta: trust anchor (locked by caller). + * @param list: array of uint16_t. + * @param num: length of array. + * @return number of keytags filled into array. If total number of keytags is + * bigger than the array, it is truncated at num. On errors, less keytags + * are filled in. The array is sorted. + */ +size_t anchor_list_keytags(struct trust_anchor* ta, uint16_t* list, size_t num); + #endif /* VALIDATOR_VAL_ANCHOR_H */ diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c index 302820fc2f97..be88ff438660 100644 --- a/validator/val_secalgo.c +++ b/validator/val_secalgo.c @@ -74,6 +74,8 @@ /** fake DSA support for unit tests */ int fake_dsa = 0; +/** fake SHA1 support for unit tests */ +int fake_sha1 = 0; /* return size of digest if supported, or 0 otherwise */ size_t @@ -116,9 +118,12 @@ size_t ds_digest_size_supported(int algo) { switch(algo) { -#ifdef HAVE_EVP_SHA1 case LDNS_SHA1: +#if defined(HAVE_EVP_SHA1) && defined(USE_SHA1) return SHA_DIGEST_LENGTH; +#else + if(fake_sha1) return 20; + return 0; #endif #ifdef HAVE_EVP_SHA256 case LDNS_SHA256: @@ -158,7 +163,7 @@ secalgo_ds_digest(int algo, unsigned char* buf, size_t len, unsigned char* res) { switch(algo) { -#ifdef HAVE_EVP_SHA1 +#if defined(HAVE_EVP_SHA1) && defined(USE_SHA1) case LDNS_SHA1: (void)SHA1(buf, len, res); return 1; @@ -197,14 +202,22 @@ dnskey_algo_id_is_supported(int id) return 0; case LDNS_DSA: case LDNS_DSA_NSEC3: -#ifdef USE_DSA +#if defined(USE_DSA) && defined(USE_SHA1) return 1; #else - if(fake_dsa) return 1; + if(fake_dsa || fake_sha1) return 1; return 0; #endif + case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: +#ifdef USE_SHA1 + return 1; +#else + if(fake_sha1) return 1; + return 0; +#endif + #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) case LDNS_RSASHA256: #endif @@ -215,7 +228,10 @@ dnskey_algo_id_is_supported(int id) case LDNS_ECDSAP256SHA256: case LDNS_ECDSAP384SHA384: #endif +#if (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) || defined(USE_ECDSA) return 1; +#endif + #ifdef USE_GOST case LDNS_ECC_GOST: /* we support GOST if it can be loaded */ @@ -392,13 +408,13 @@ static int setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, unsigned char* key, size_t keylen) { -#ifdef USE_DSA +#if defined(USE_DSA) && defined(USE_SHA1) DSA* dsa; #endif RSA* rsa; switch(algo) { -#ifdef USE_DSA +#if defined(USE_DSA) && defined(USE_SHA1) case LDNS_DSA: case LDNS_DSA_NSEC3: *evp_key = EVP_PKEY_new(); @@ -424,9 +440,13 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, #endif break; -#endif /* USE_DSA */ +#endif /* USE_DSA && USE_SHA1 */ + +#if defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) +#ifdef USE_SHA1 case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: +#endif #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) case LDNS_RSASHA256: #endif @@ -461,9 +481,14 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, *digest_type = EVP_sha512(); else #endif +#ifdef USE_SHA1 *digest_type = EVP_sha1(); - +#else + { verbose(VERB_QUERY, "no digest available"); return 0; } +#endif break; +#endif /* defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) */ + case LDNS_RSAMD5: *evp_key = EVP_PKEY_new(); if(!*evp_key) { @@ -562,7 +587,11 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, EVP_PKEY *evp_key = NULL; #ifndef USE_DSA - if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) && fake_dsa) + if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) &&(fake_dsa||fake_sha1)) + return sec_status_secure; +#endif +#ifndef USE_SHA1 + if(fake_sha1 && (algo == LDNS_DSA || algo == LDNS_DSA_NSEC3 || algo == LDNS_RSASHA1 || algo == LDNS_RSASHA1_NSEC3)) return sec_status_secure; #endif @@ -706,8 +735,10 @@ ds_digest_size_supported(int algo) { /* uses libNSS */ switch(algo) { +#ifdef USE_SHA1 case LDNS_SHA1: return SHA1_LENGTH; +#endif #ifdef USE_SHA2 case LDNS_SHA256: return SHA256_LENGTH; @@ -729,9 +760,11 @@ secalgo_ds_digest(int algo, unsigned char* buf, size_t len, { /* uses libNSS */ switch(algo) { +#ifdef USE_SHA1 case LDNS_SHA1: return HASH_HashBuf(HASH_AlgSHA1, res, buf, len) == SECSuccess; +#endif #if defined(USE_SHA2) case LDNS_SHA256: return HASH_HashBuf(HASH_AlgSHA256, res, buf, len) @@ -759,12 +792,15 @@ dnskey_algo_id_is_supported(int id) case LDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */ return 0; -#ifdef USE_DSA +#if defined(USE_SHA1) || defined(USE_SHA2) +#if defined(USE_DSA) && defined(USE_SHA1) case LDNS_DSA: case LDNS_DSA_NSEC3: #endif +#ifdef USE_SHA1 case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: +#endif #ifdef USE_SHA2 case LDNS_RSASHA256: #endif @@ -772,6 +808,8 @@ dnskey_algo_id_is_supported(int id) case LDNS_RSASHA512: #endif return 1; +#endif /* SHA1 or SHA2 */ + #ifdef USE_ECDSA case LDNS_ECDSAP256SHA256: case LDNS_ECDSAP384SHA384: @@ -1003,7 +1041,9 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype, */ switch(algo) { -#ifdef USE_DSA + +#if defined(USE_SHA1) || defined(USE_SHA2) +#if defined(USE_DSA) && defined(USE_SHA1) case LDNS_DSA: case LDNS_DSA_NSEC3: *pubkey = nss_buf2dsa(key, keylen); @@ -1015,8 +1055,10 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype, /* no prefix for DSA verification */ break; #endif +#ifdef USE_SHA1 case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: +#endif #ifdef USE_SHA2 case LDNS_RSASHA256: #endif @@ -1043,13 +1085,22 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype, *prefixlen = sizeof(p_sha512); } else #endif +#ifdef USE_SHA1 { *htype = HASH_AlgSHA1; *prefix = p_sha1; *prefixlen = sizeof(p_sha1); } +#else + { + verbose(VERB_QUERY, "verify: no digest algo"); + return 0; + } +#endif break; +#endif /* SHA1 or SHA2 */ + case LDNS_RSAMD5: *pubkey = nss_buf2rsa(key, keylen); if(!*pubkey) { @@ -1131,7 +1182,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, return sec_status_bogus; } -#ifdef USE_DSA +#if defined(USE_DSA) && defined(USE_SHA1) /* need to convert DSA, ECDSA signatures? */ if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3)) { if(sigblock_len == 1+2*SHA1_LENGTH) { @@ -1312,7 +1363,12 @@ ds_digest_size_supported(int algo) { switch(algo) { case LDNS_SHA1: +#ifdef USE_SHA1 return SHA1_DIGEST_SIZE; +#else + if(fake_sha1) return 20; + return 0; +#endif #ifdef USE_SHA2 case LDNS_SHA256: return SHA256_DIGEST_SIZE; @@ -1334,8 +1390,10 @@ secalgo_ds_digest(int algo, unsigned char* buf, size_t len, unsigned char* res) { switch(algo) { +#ifdef USE_SHA1 case LDNS_SHA1: return _digest_nettle(SHA1_DIGEST_SIZE, buf, len, res); +#endif #if defined(USE_SHA2) case LDNS_SHA256: return _digest_nettle(SHA256_DIGEST_SIZE, buf, len, res); @@ -1359,12 +1417,14 @@ dnskey_algo_id_is_supported(int id) { /* uses libnettle */ switch(id) { -#ifdef USE_DSA +#if defined(USE_DSA) && defined(USE_SHA1) case LDNS_DSA: case LDNS_DSA_NSEC3: #endif +#ifdef USE_SHA1 case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: +#endif #ifdef USE_SHA2 case LDNS_RSASHA256: case LDNS_RSASHA512: @@ -1381,7 +1441,7 @@ dnskey_algo_id_is_supported(int id) } } -#ifdef USE_DSA +#if defined(USE_DSA) && defined(USE_SHA1) static char * _verify_nettle_dsa(sldns_buffer* buf, unsigned char* sigblock, unsigned int sigblock_len, unsigned char* key, unsigned int keylen) @@ -1641,7 +1701,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, } switch(algo) { -#ifdef USE_DSA +#if defined(USE_DSA) && defined(USE_SHA1) case LDNS_DSA: case LDNS_DSA_NSEC3: *reason = _verify_nettle_dsa(buf, sigblock, sigblock_len, key, keylen); @@ -1651,9 +1711,11 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, return sec_status_secure; #endif /* USE_DSA */ +#ifdef USE_SHA1 case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE); +#endif #ifdef USE_SHA2 case LDNS_RSASHA256: digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index b0b2e970ff25..25278a8f3ac0 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -51,6 +51,7 @@ #include "util/module.h" #include "util/net_help.h" #include "util/regional.h" +#include "util/config_file.h" #include "sldns/keyraw.h" #include "sldns/sbuffer.h" #include "sldns/parseutil.h" @@ -318,12 +319,17 @@ int ds_digest_match_dnskey(struct module_env* env, size_t dslen; uint8_t* digest; /* generated digest */ size_t digestlen = ds_digest_size_algo(ds_rrset, ds_idx); - + if(digestlen == 0) { verbose(VERB_QUERY, "DS fail: not supported, or DS RR " "format error"); return 0; /* not supported, or DS RR format error */ } +#ifndef USE_SHA1 + if(fake_sha1 && ds_get_digest_algo(ds_rrset, ds_idx)==LDNS_SHA1) + return 1; +#endif + /* check digest length in DS with length from hash function */ ds_get_sigdata(ds_rrset, ds_idx, &ds, &dslen); if(!ds || dslen != digestlen) { diff --git a/validator/val_utils.c b/validator/val_utils.c index da8066aad7e9..e3677e1d9ceb 100644 --- a/validator/val_utils.c +++ b/validator/val_utils.c @@ -495,16 +495,21 @@ val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve, return sec_status_bogus; } - digest_algo = val_favorite_ds_algo(ds_rrset); - if(sigalg) + if(sigalg) { + /* harden against algo downgrade is enabled */ + digest_algo = val_favorite_ds_algo(ds_rrset); algo_needs_init_ds(&needs, ds_rrset, digest_algo, sigalg); + } else { + /* accept any key algo, any digest algo */ + digest_algo = -1; + } num = rrset_get_count(ds_rrset); for(i=0; i<num; i++) { /* Check to see if we can understand this DS. * And check it is the strongest digest */ if(!ds_digest_algo_is_supported(ds_rrset, i) || !ds_key_algo_is_supported(ds_rrset, i) || - ds_get_digest_algo(ds_rrset, i) != digest_algo) { + (sigalg && (ds_get_digest_algo(ds_rrset, i) != digest_algo))) { continue; } diff --git a/validator/validator.c b/validator/validator.c index 676dcdfe4d8b..81ba5fa17ba2 100644 --- a/validator/validator.c +++ b/validator/validator.c @@ -2089,18 +2089,20 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, } /* store results in cache */ - if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { + if(qstate->query_flags&BIT_RD) { /* if secure, this will override cache anyway, no need * to check if from parentNS */ - if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo, - vq->orig_msg->rep, 0, qstate->prefetch_leeway, 0, NULL, - qstate->query_flags)) { - log_err("out of memory caching validator results"); + if(!qstate->no_cache_store) { + if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo, + vq->orig_msg->rep, 0, qstate->prefetch_leeway, 0, NULL, + qstate->query_flags)) { + log_err("out of memory caching validator results"); + } } } else { /* for a referral, store the verified RRsets */ /* and this does not get prefetched, so no leeway */ - if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo, + if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo, vq->orig_msg->rep, 1, 0, 0, NULL, qstate->query_flags)) { log_err("out of memory caching validator results"); diff --git a/winrc/unbound-control-setup.cmd b/winrc/unbound-control-setup.cmd index ddf4a06e038a..8c283fd5cb69 100644 --- a/winrc/unbound-control-setup.cmd +++ b/winrc/unbound-control-setup.cmd @@ -37,7 +37,7 @@ rem SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. rem settings:
rem directory for files
-set prefix="C:\Program Files (x86)"
+set prefix="C:\Program Files"
set DESTDIR=%prefix%\Unbound
rem issuer and subject name for certificates
|